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I.  INTRODUCTION 


A.  MAJOR  RESEARCH  QUESTIONS 

Identity  theft  and  fraudulent  document  production  are  reaching  alarming  levels  in 
the  United  States.  The  Federal  Trade  Commission  (FTC)  estimates  place  the  annual  cost 
of  identity-related  crimes  at  $50  billion.1  Since  reporting  began  in  2000,  identity  theft 
has  dominated  as  the  most  reported  crime,  and  the  overall  number  of  reports  continues  to 
increase  each  year.2  But  identity  theft  is  only  part  of  a  greater  identity  problem. 

Identity  fraud  encompasses  the  use  of  stolen  identity  or  fictitious  identity 
information  to  falsely  represent  oneself.  In  addition  to  numerous  financial  crimes, 
identity  fraud  has  been  used  to  facilitate  terrorist  travel  and  criminal  evasion. 
Vulnerabilities  in  the  nation’s  identification  management  systems  threaten  economic 
stability  and  leave  a  serious  gap  in  homeland  security. 

In  2003,  the  U.S.  Government  Accountability  Office  (GAO)  released  a  report 
following  the  investigation  of  identity  credential  issuing  agencies  in  multiple  states  across 
the  nation.  Undercover  investigators  attempted  to  obtain  genuine  driver’s  licenses,  enter 
the  United  States  from  foreign  destinations,  gain  access  to  federal  buildings,  and  purchase 
firearms  using  fraudulent  documents.  They  were  successful  in  every  instance.3  While 
most  think  of  identity  theft  and  document  fraud  as  an  economic  crime,  this  thesis  aims  to 
explore  the  extent  to  which  weak  identification  systems  constitute  a  threat  to  homeland 
security. 

Homeland  Security  Presidential  Directive  7  (HSPD-7)  defines  critical 
infrastructure  as  any  sector  that  has  the  potential  to  “impair  Federal  departments  and 
agencies’  ability  to  perform  essential  missions... undermine  State  and  local  government 

1  Kristin  M.  Finklea,  “Identity  Theft:  Trends  and  Issues,”  Congressional  Research  Service,  R40599 
(2010),  10. 

2  Ibid. 

3  U.S.  Government  Accountability  Office,  “Counterfeit  Identification  and  Identity  Fraud  Raise 
Security  Concerns,”  GAO-03-1 147T  (Washington,  D.C.,  May  25,  2011):  1. 
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capabilities  to  maintain  order... [or]  undermine  the  public’s  morale  and  confidence  in  our 
national  economic  and  political  institutions.”4  While  identity  verification  systems  are  not 
a  recognized  sector  of  critical  infrastructure,  national  economic  and  political  institutions 
rely  on  identity  to  function.  Taxation,  government  benefits,  citizenship,  and  the  legal 
system  are  all  governmental  functions  that  can  be  undermined  by  fragile  identity  systems. 

Similarly,  economic  processes  such  as  mortgages,  credit  lines,  and  banking  are 
equally  susceptible  to  identity  fraud.  Stealing  identity  information  or  misrepresenting 
true  identity  allows  perpetrators  to  acquire  goods  or  services  without  consequence. 
Identity  theft  victims  are  often  unaware  that  their  information  has  been  compromised 
until  they  apply  for  credit  and  are  denied.  Credit  institutions,  eager  to  issue  credit  lines, 
accept  the  risk  of  fraud  and  pass  the  cost  along  to  responsible  consumers.  Writing  off 
losses  is  often  less  of  an  investment  than  persuing  an  investigation  against  suspected 
cases  of  fraud. 

The  basic  functions  of  identity  systems  can  be  summarized  into  three  categories. 
First,  the  system  must  identify  and  distinguish  you  from  other  users  of  the  system.5 
Second,  the  system  must  authenticate  your  identity.6 7  Current  systems  rely  on  token 
identifiers  such  as  driver’s  licenses  or  passports  to  confirm  that  you  are  who  you  say  you 
are.  Finally,  the  system  must  determine  your  level  of  authorization.1  Having  a  passport 
that  correctly  identifies  you  does  not  give  you  the  authorization  to  enter  every  country. 
These  basic  functions  must  work  in  concert  to  protect  the  integrity  of  the  system. 

Identity  verification  systems  are  large  networks,  susceptible  to  degradation,  and 
vital  to  other  sectors  of  critical  infrastructure.  Consequently,  should  identity  systems  be 
considered  a  sector  of  critical  infrastructure?  Analyzing  these  systems  as  a  critical 


4  Text  of  the  Homeland  Security  Presidential  Directive/HSPD-7  on  the  Homeland  Security  Digital 
Library  website,  https://www.hsdl.org/?view&doc=78291&coll=limited  (accessed  June  4,  2011). 

5  Bruce  Schneier,  Beyond  Fear:  Thinking  Sensibly  about  Security  in  an  Uncertain  World  (New  York: 
Copernicus  Books,  2003),  182. 

6  Ibid.,  183. 

7  Ibid. 
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infrastructure  may  provide  a  necessary  framework  that  is  largely  absent  in  any  existing 
literature.  This  framework  includes  language  and  concepts  familiar  to  policymakers  and 
scholars  of  network  analysis. 

Additionally,  what  are  the  common  security  implications  of  weaknesses  in 
identity  verifications  systems?  Pinpointing  areas  of  fragility  is  the  first  step  in 
developing  a  strategy  to  counter  fraud  and  increase  capability.  This  thesis  will  seek  to 
analyze  identity  management  systems  as  a  critical  infrastructure  analog  and  will  examine 
potential  solutions  from  an  all-hazards  approach. 

B.  LITERATURE  REVIEW 

In  a  2006  article  on  identity  theft,  Keith  B.  Anderson  wrote  that  “The  literature  on 

o 

identity  theft,  both  conceptual  and  empirical,  is  in  its  infancy.”  Seven  years  later,  this 
description  still  holds  true.  Many  authors  have  written  on  particular  aspects  of  identity 
theft,  but  none  have  succeeded  in  completing  a  singular  comprehensive  and  informative 
piece  of  quintessential  literature.  Instead,  the  literature  addressing  identity  theft  and 
document  fraud  is  limited  to  specific  areas  of  interest  and  takes  many  different 
approaches.  While  the  vast  majority  of  existing  work  focuses  on  economic  consequences 
of  weak  identity  systems,  few  articles  describe  the  threat  to  homeland  security.  This 
review  will  examine  major  works  of  existing  literature  that  address  identity  system 
fragility  and  will  highlight  areas  for  additional  research. 

Personal  information  can  be  compromised  in  a  number  of  ways.  The  most 
common  means  of  information  loss,  as  reported  by  the  Federal  Trade  Commission  (FTC), 
are  careless  disposal  of  sensitive  information  in  the  trash,  mail  theft,  hacking  of  business 
records,  employees  abusing  access  to  business  databases,  elaborate  fraudulent  credit  card 
scanners,  stolen  purse  or  wallet,  or  phone  and  Internet  scams.* * 9  The  FTC  also  reports  that 
identity  thieves  steal  information  in  order  to  commit  credit  card  fraud,  establish  utilities, 


^  Keith  B.  Anderson,  “Who  are  the  victims  of  identity  theft?  The  effect  of  demographics,”  Journal  of 

Public  Policy  &  Marketing,  25,  no.  2  (2006):  160. 

9  Federal  Trade  Commission,  “Take  Charge:  Fighting  Back  Against  Identity  Theft,”  February  2006,  on 
the  Federal  Trade  Commission  website  at  http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.pdf. 
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counterfeit  financial  documents,  file  for  bankruptcy,  make  large  purchases,  obtain 
identity  documents  or  employment,  and  evade  law  enforcement. 10  Many  consumers  are 
aware  of  these  threats  and  take  limited  precautions  to  protect  against  them. 

Consumers  typically  provide  characteristics  such  as  date  of  birth,  social  security 
number,  and  mother’s  maiden  name  in  order  to  verify  who  they  are.  But  defining  the 
unique  characteristics  that  distinguish  an  individual  from  among  others  is  “among  the 
most  elusive  and  difficult  concepts  confronting  scholars  and  researchers.”11 
Identification  requires  a  comparison  and  authentication  of  presented  characteristics 
against  known  metrics.  However,  many  of  the  current  metrics  are  easily  spoofed  or 
reproduced. 

There  are  three  basic  identity  verification  methods  that  are  widely  accepted 
among  experts  in  the  field.  “Knowledge  based”  identity  requires  a  consumer  to  produce 
information  unique  to  that  person.  ~  “Token-based”  identity  is  based  on  an  identification 
document,  like  a  driver’s  license  or  passport.  ~  “Biometric”  identity  uses  unique  physical 
characteristics  to  differentiate  individuals.14 

Newer  and  more  controversial  methods  of  proving  identity  are  radio  frequency 
identification  (RFID)  chips  or  location  tracking  through  mobile  telephone  service 
providers. 15  While  all  of  these  methods  provide  some  level  of  security,  each  is 
susceptible  to  unauthorized  reproduction.  LoPucki  explains  that  “creditors  and  credit¬ 
reporting  agencies  often  lack  both  the  means  and  the  incentive  to  correctly  identify  the 
persons  who  seek  credit  from  them  or  on  whom  they  report.”16 


10  Ibid. 

Charles  D.  Raab,  “Social  and  Political  Dimensions  of  Identity,'’  in  IF IP  International  Federation 
for  Information  Processing,  ed.  Fischer-Hubner  (Boston:  Springer,  2008):  4. 

1“  Roger  Clarke,  “Human  Identification  in  Information  Systems:  Management  Challenge  and  Public 
Policy  Issues,”  Information  Technology  &  People,  7,  no.  4  (1994):  14. 

13  Ibid. 

14  Ibid.,  19. 

I3  Ruth  Halperin  and  James  Backhouse,  “A  Roadmap  for  Research  on  Identity  in  the  Information 
Society ,”  Identity  Journal  Limited,  l,no.  1  (2008):  75. 

1 6  Lynn  LoPucki,  “Human  Identification  Theory  and  the  Identity  Theft  Problem,”  Texas  Law  Review, 
no.  01-1  (2001):  94. 
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The  White  House  addressed  the  threat  to  identity  systems  in  its  National  Strategy 
for  Trusted  Identities  in  Cyberspace.  The  strategy  outlines  a  technology-driven  solution 
to  restore  consumer  confidence  in  Internet  purchasing.  The  Identity  Ecosystem  “is  an 
online  environment  where  individuals  and  organizations  can  trust  each  other  because  they 
follow  agreed-upon  standards  and  processes  to  identify  and  authenticate  their  digital 
identities — and  the  digital  identities  of  organizations  and  devices.”  The  strategy 
provides  a  fictitious  example  describing  how  the  system  might  work  to  request  medical 
records  using  the  Identity  Ecosystem: 

Keisha  uses  the  browser  on  her  cell  phone  to  access  the  hospital  website. 

The  browser  authenticates  the  hospital’s  website  domain  so  that  Keisha 
knows  she  is  not  sending  information  to  a  fraudulent  site.  Keisha  has  a 
digital  certificate  issued  by  her  trustmarked  cell  phone  carrier  (also  her 
IDP),  and  the  hospital  validates  the  authenticity  of  the  credential,  her  cell 
phone,  and  her  digital  identity. 19 

While  the  Identify  Ecosystem  is  supposed  to  provide  a  safe  environment  between 
accredited  consumers  and  providers,  the  strategy  does  not  explore  the  possibility  of 
Keisha’ s  cell  phone  being  stolen  or  otherwise  compromised.  Additionally,  it  does  not 
consider  the  role  of  hackers  in  corrupting  the  information  systems  that  the  Identity 
Ecosystem  relies  upon.  The  strategy  outlines  an  initial  approach,  but  is  absent  of 
contingencies  and  specifics. 

The  Government  Accountability  Office  (GAO)  released  a  statement  by  its  director 
of  strategic  issues  to  the  Senate  Subcommittee  on  Fiscal  Responsibility  and  Economic 
Growth  regarding  initiatives  to  assist  victims  of  tax  fraud.  In  particular,  the  director 
addressed  employment  and  refund  fraud.  He  praised  the  IRS  for  taking  steps  to  resolve, 
detect,  and  prevent  identity  theft  in  its  tax  returns,  but  was  critical  of  confidentiality  laws 


17  Howard  A.  Schmidt,  “National  Strategy  for  Trusted  Identities  in  Cyberspace,”  April  2011, 
http://www.whitehouse.gov/sites/default/files/rss  viewer/NSTICstrategy  04151  l.pdf  (accessed  June  6, 
2011). 

18  Ibid. 

19  Ibid. 

20  GAO,  “Taxes  and  Identity  Theft:  Status  of  IRS  Initiatives  to  Help  Victimized  Taxpayers,”  GAO- 
11-674T  (Washington,  D.C.,  May  25,  2011):  1. 
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that  prevented  the  IRS  from  coordinating  with  other  agencies  or  taxpayers  to  catch 

2j 

perpetrators.  Bureaucratic  limitations  constrain  efforts  to  investigate  or  track  imposters. 


Figure  1.  Total  FTC  Consumer  Fraud  Complaints22 


Economic  crimes  resulting  from  identity  theft  represent  the  majority  of  FTC 
complaints  (Figure  1),  but  these  crimes  tend  to  be  relatively  small  in  scale.  Criminal 
record  identity  theft,  on  the  other  hand,  represents  a  very  real  threat  to  homeland  security. 
Despite  this  risk,  the  FTC  consumer  guide  mentions  misuse  of  identification  for  criminal 
evasion  in  one  section  of  the  52-page  document.  Criminal  record  identity  theft  is  a  tactic 
that  has  been  used  by  illegal  immigrants,  criminal  organizations,  and  terrorists.  This 
tactic  allows  an  imposter  to  launder  his  own  identity  and  insulate  himself  from  detection 
by  law  enforcement  and  operate  with  near  impunity. 


21  Ibid. 

--  Kristin  M.  Finklea,  “Identity  Theft:  Trends  and  Issues,”  Congressional  Research  Service,  R40599 
(2012),  10. 

2^  Pearl,  “It’s  Not  Always  about  the  Money:  Why  the  State  Identity  Theft  Laws  Fails  to  Adequately 
Address  Criminal  Record  Identity  Theft,”  179. 
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Organized  crime  plays  a  broad  and  pervasive  role  in  the  undennining  of  identity 
verification  systems.  In  general,  identity  crimes  require  a  network.24  Organized 
transnational  criminal  networks  are  optimized  for  collecting  stolen  identity,  converting  it 
to  a  useable  form,  and  disseminating  it  for  sale.  Jurisdictional  limitations  and  the  lack  of 
international  cooperation  greatly  contribute  to  the  success  and  sustainment  of  these 
organizations.  Attempts  to  dismantle  organized  crime  are  largely  ineffective  without 
comprehensive  examination  of  the  entire  organization.  Network  analysis  is  essential  to 
obtain  a  larger  perspective  and  identify  critical  nodes  of  network  structure  and  operation. 

Ted  G.  Lewis  defines  a  network  as  “a  collection  of  nodes  and  links  that  connect 
pairs  of  nodes.”  His  framework  is  described  in  terms  of  physical  infrastructure 
protection.  Lewis  explains  that  “Network  theory  is  powerful  because  of  its  generality  and 
our  ability  to  apply  known  analysis  techniques  to  the  network  model.”  In  essence, 
networks  can  be  described  using  mathematical  probabilities  that  identity  critical  nodes. 
This  knowledge  could  potentially  be  used  by  policymakers  to  protect  against  attack  on 
the  homeland  or  develop  strategies  to  dismantle  target  networks. 

Social  network  analysis  allows  network  analysis  principles  to  be  applied  to 
criminal  and  terrorist  organizations.  Once  a  social  network  is  mapped,  “this  knowledge 
can  then  be  used  to  identify  key  individuals,  relationships,  and  organizational 

practices.”  Researchers  have  recognized  the  utility  of  social  network  analysis  to  detect 

28 

fraud  in  specific  cases,  such  as  Internet  auction  fraud,  but  have  failed  to  examine  the 


24  Judith  M.  Collins,  Investigating  Identity  Theft:  A  Guide  for  Businesses,  Law  Enforcement,  and 
Victims  (Hoboken,  NJ:  John  Wiley  &  Sons,  Inc.,  2006),  18. 

25  Ted  G.  Lewis,  Critical  Infrastructure  Protection  in  Homeland  Security:  Defending  a  Networked 
Nation  (Hoboken,  NJ:  John  Wiley  &  Sons,  2006),  78. 

26  Ibid.,  79. 

22  J.  Todd  Hamill,  Richard  F.  Deckro,  James  W.  Chrissis,  and  Robert  F.  Mills,  “Analysis  of  Layers 
Social  Networks,”  IO  Sphere  (2008):  2,  http://www.au.af.mil/info- 
ops/iosphere/08winter/iosphere  win08  hamill.pdf  (accessed  November  17,  2011). 

2^  Chaochang  Chiu,  Yungchang  Ku,  Ting  Lie,  and  Yuchi  Chen,  “Internet  Auction  Fraud  Detection 
Using  Social  Network  Analysis  and  Classification  Tree  Approaches,”  International  Journal  of  Electronic 
Commerce  15,  no.  3,  (2011):  123. 
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underlying  problem  with  identity  verification  systems.  Network  analysis  and  critical 
infrastructure  tenninology  are  a  start  to  developing  comprehensive  understanding  of  the 
identity  meta-sector. 

Government  agency  strategies  provide  vital  insight  as  to  how  each  agency  views 
identity  problems  and  what  they  are  doing  to  combat  them.  They  define  the  culture  and 
specific  niche  of  a  particular  agency  while  outlining  strategic  issues  to  be  addressed. 
Identity  theft  and  fraud  are  frequently  addressed  but  rarely  in  any  meaningful  manner. 

The  2010  Quadrennial  Homeland  Security  Review  Report  and  the  U.S. 
Department  of  Justice  Strategic  Plan  address  identity  theft  as  a  cyber  threat,  but  both  fail 
to  describe  identity  theft  as  a  threat  to  homeland  security.  The  U.S.  Immigration  and 
Customs  Enforcement  Strategic  Plan,  on  the  other  hand,  highlights  identity  fraud  as  a 
terrorist  tactic  used  to  enter  the  United  States.  Unlike  the  Department  of  Homeland 
Security  and  Department  of  Justice,  prevention  of  identity  fraud  is  included  in  ICE’s 
objectives. 

The  Office  of  Community  Oriented  Policing  Services  (COPS),  a  liaison  office 
within  the  Department  of  Justice,  released  “A  National  Strategy  to  Combat  Identity 
Theft”  in  May  2006.  Of  all  the  national  strategies,  this  document  is  the  most 
comprehensive  and  informative.  Most  significantly,  the  strategy  states: 

One  of  the  most  challenging  aspects  of  identity  theft  is  its  potential 
relationship  to  international  terrorism.  Identity  theft  could  be  used  broadly 
by  crime  rings  that  may  include  international  members;  therefore, 
whenever  transnational  crime  is  discussed  authorities  should  look  for  a 
connection  to  terrorism.  Identity  theft  demands  the  most  effective  police 
response  possible.31 

The  potential  link  between  terrorism  and  organized  crime  has  received  increasing 
attention  in  recent  years.  Some  researchers  have  drawn  similarities  between  the 

29  Department  of  Homeland  Security,  “Quadrennial  Homeland  Security  Review  Report,"  (2010):  56; 
U.S  Department  of  Justice,  “Strategic  Plan:  Stewards  of  the  American  Dream,”  (2007):  4. 

36  U.S.  Immigration  and  Customs  Enforcement,  “ICE  Strategic  Plan:  Fiscal  Years  2010-2014," 
(2010):  3. 

3 1  Office  of  Community  Oriented  Policing  Services,  “A  National  Strategy  to  Combat  Identity  Theft,” 
U.S.  Department  of  Justice  (2006):  1. 
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operational  and  organizations  structures  of  each  group.32  Others  point  to  organized  crime 
as  a  source  of  revenue  for  terrorist  organizations.33  Both  groups  use  stolen  and 
fraudulent  identity  to  sustain  operations  and  this  link  demands  additional  research. 
Securing  identity  systems  may  prove  to  limit  the  scope  of  terrorist  and  criminal 
operations. 

In  2004,  the  Economic  Crime  Institute  at  Utica  College  joined  with  Lexis  Nexis  to 
study  the  net  effect  of  identity  fraud  on  global  and  U.S.  national  security.34  The  resulting 
article  outlined  the  size  and  scope  of  identity  issues,  described  many  of  the  second  order 
effects,  and  provided  strategic  recommendations  for  managing  fraud.35  Although  the 
article  was  extensive,  it  failed  to  present  a  framework  for  objectively  analyzing  the  many 
core  and  satellite  issues  extending  from  identity  theft  and  fraud.  Presenting  identity 
verification  systems  as  a  sector  of  critical  infrastructure  provides  this  much  needed 
framework. 

C.  IMPORTANCE  OF  RESEARCH 

The  problem  of  identity  is  one  that  is  often  overlooked.  Identity  is  necessary  for 
commerce  and  governments  to  function  but  identification  is  not  a  simple  process. 
Historically,  identity  was  a  method  of  social  distinction  rather  than  economic  function.36 
Communities  recognized  individuals  based  on  appearance,  voice,  first-hand  knowledge, 
and  name.37  Developing  economic  systems  changed  the  scale  of  identity  systems  from 
community  to  regional.  The  increase  in  scale  of  economic  transactions  acted  to  increase 


32  Frank  S.  Perri  and  Richard  G.  Brody,  “The  Dark  Triad:  Organized  Crime,  Terror  and  Fraud,” 
Journal  of  Money  Laundering  Control  14,  no.l  (2011):  44. 

33  Tamara  Makarenko,  “The  Crime-Terror  Continuum:  Tracing  the  Interplay  between  Transnational 
Crime  and  Terrorism,”  Global  Crime  6,  no.  1  (2004):  129. 

34  G.  R.  Gordon,  N.  A.  Willox,  D.  J.  Rebovich,  T.  M.  Regan,  and  J.  B.  Gordon,  “Identity  Fraud:  A 
Critical  National  and  Global  Threat,”  Journal  of  Economic  Crime  Management  2,  (2004). 

35  Ibid.,  2. 

36  Roger  Clarke,  “Human  Identification  in  Information  Systems:  Management  Challenge  and  Public 
Policy  Issues,”  Information  Technology  &  People,  7,  no.  4  (1994):  8. 

37  Ibid. 
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the  need  for  a  reliable  system  to  identify  persons  from  separate  communities  who  may 
have  never  met.38  Surnames  and  assigned  account  numbers  helped  to  fulfill  this  need  for 
a  time.39 

Modern  transportation  and  communication  systems  have  increased  the  scale  of 
travel  and  economic  transactions  to  a  global  level.  Face-to-face  recognition  is  virtually 
obsolete  as  a  primary  means  of  identification  for  most  operations.  Instead,  knowledge 
and  token-based  identifiers  are  the  most  widely  used  identity  authentication  methods. 
Typical  “knowledge-based”  identifiers  include  name,  address,  phone  number,  mother’s 
maiden  name,  and  social  security  number.40  Using  this  information,  governments  and 
business  issue  “token”  identifiers  such  as  birth  certificates,  credit  cards,  driver’s  licenses, 
and  passports.41 

Knowledge  and  token-based  identifiers  codify  characteristics  of  human  identity, 
but  neither  method  is  capable  of  definitively  identifying  one  individual  from  another.42 
Token  identifiers  are  usually  verified  using  knowledge-based  identifiers  or  checked 
against  existing  databases  to  increase  resiliency  of  the  system.  This  verification  process 
cannot  account  for  the  duplication  or  misrepresentation  of  names,  similar  physical 
characteristics,  and  fraudulent  tokens.  Additionally,  verification  databases  must  be  made 
widely  available  to  be  viable.  This  wide  dissemination  provides  opportunities  for  thieves 
to  steal  knowledge-based  information  that  is  not  easily  changed  once  compromised.43 

Biological  characteristics  offer  an  alternative  to  knowledge  and  token-based 
verification.  Fingerprints,  retinal  scans,  facial  recognition  software,  and  DNA  provide 
technically  and  economically  feasible  options  to  governments  and  businesses.44  In  the 
United  States,  however,  fears  of  government  abuse  of  power  make  these  options  socially 

38  Ibid. 

39  Ibid.,  13 

40  Ibid.,  14. 

41  Ibid. 

42  Ibid.,  17. 

43  Lynn  LoPucki,  “Human  Identification  Theory  and  the  Identity  Theft  Problem,”  Texas  Law  Review 
95,  no.  1  (2001),  109. 

44  Roger  Clarke,  “Human  Identification  in  Information  Systems:  Management  Challenge  and  Public 
Policy  Issues,”  20. 
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unacceptable  and  contrary  to  national  values.  Providing  a  blood  sample  for  a  social 
security  card  or  credit  line  is  considered  an  “unwarranted  invasion  of  privacy.”45  On  the 
other  hand,  Europeans  are  generally  more  willing  to  submit  to  more  invasive 
identification  techniques.46  Identity  systems  contain  a  social  component  that  may  vary 
from  location  to  location  making  it  “necessary  to  balance  the  interest  of  individuals  in  the 
various  aspects  of  civil  liberty.”47 

The  identity  system  functions  when  all  actors  play  by  the  rules  of  the  system. 
However,  significant  security  lapses  can  occur  when  thieves  steal  personal  information 
and  counterfeit  token  identifiers.  Once  obtained,  personal  information  can  be  exploited 
in  a  number  of  ways.  Most  common  is  credit  fraud,  whereby  an  imposter  receives  a 
credit  line  and  purchases  goods  or  services.  Although  costly,  this  form  of  identity  theft  is 
containable.  A  victim  has  the  power  to  cancel  the  fraudulent  account  and  dispute  the 
charges. 

Identity  document  fraud  represents  a  more  difficult  and  dangerous  problem.48 
Fraudulent  documents  can  be  manufactured  or  genuine  documents  can  be  altered.  When 
a  valid  identity  is  used  to  manufacture  a  fraudulent  document,  the  imposter  has  a  greater 
chance  of  operating  undetected.  For  example,  an  imposter  who  is  stopped  for  a  traffic 
violation  can  present  a  driver’s  license  with  his  picture  and  someone  else’s  identity 
information.  When  the  identity  is  checked  against  law  enforcement  databases,  the 
imposter’s  criminal  history  is  protected  from  discovery  while  his  victim  receives  the 
traffic  citation. 

Federal  law  prohibits  knowingly  possessing,  transferring,  or  using  any  fraudulent 
identity  document.49  However,  a  thriving  clandestine  document  industry  eagerly  supplies 
high  quality  forgeries  in  response  to  demand.  Teenagers,  illegal  immigrants,  and  other 

45  LoPucki,  “Human  Identification  Theory  and  the  Identity  Theft  Problem,”  111. 

46  Clarke,  “Human  Identification  in  Information  Systems:  Management  Challenge  and  Public  Policy 
Issues,”  27. 

47  Ibid.,  30. 

48  G.  R.  Gordon,  N.  A.  Willox,  D.  J.  Rebovich,  T.  M.  Regan,  and  J.  B.  Gordon,  “Identity  Fraud:  A 
Critical  National  and  Global  Threat,”  Journal  of  Economic  Crime  Management  2,  (2004):  3. 

49  18  U.S.C.  §  1028  (a)(l— 4). 
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customers  can  access  this  service  with  no  more  effort  than  an  Internet  search.  Websites 
traced  to  China  take  personal  information  and  payment  online,  and  then  ship  fraudulent 
driver’s  licenses  that  are  “indistinguishable”  from  their  authentic  counterparts.50  In 
addition  to  facing  criminal  charges,  users  of  this  service  may  be  victimized  by  the 
overseas  criminal  organizations  that  manufacture  their  fraudulent  licenses.51  More 
disturbing  than  underage  drinking  or  illegal  immigration  is  the  very  real  possibility  that 
terrorists  will  acquire  and  use  these  high-quality  documents  in  the  course  of  an  operation 
in  the  United  States. 

The  9/11  Commission  Report  recognized  that,  “For  terrorists,  travel  documents 
are  as  important  as  a  weapon.  Terrorists  must  travel  clandestinely  to  meet,  train,  plan, 
case  targets,  and  gain  access  to  attack.”52  Current  identification  systems  are  fragile  and 
easily  susceptible  to  manipulation.  In  the  past,  this  weakness  allowed  terrorists  to  move 
unfettered  and  participate  in  criminal  activity  to  finance  their  operations.53  While  stricter 
measures  are  being  implemented,  gaps  in  homeland  security  still  exist. 

In  the  summer  of  201 1,  Olajide  Oluwaseun  Noib  successfully  boarded  a  flight  to 
New  York  from  Los  Angeles  using  an  expired  boarding  pass  and  a  student  identification 
card.  The  24-year-old  with  dual  U.S. -Nigerian  citizenship  presented  his  student  ID  and  a 
police  report  to  support  his  story  that  his  passport  had  been  stolen.  Noib  was  not 
identified  until  his  flight  was  underway  and  airline  personnel  realized  he  was  sitting  in  a 
seat  that  was  supposed  to  be  vacant.54 


50  Jim  Avila,  “Risky  Business:  Teens  Buying  Fake  IDs  From  Overseas  Via  Internet,”  ABC  News, 
August  5,  201 1,  accessed  August  15,  201 1,  http://abcnews.go.com/U.S./ParentingWeek/riskv-business- 
teens-buving-fake-ids-overseas-Internet/story?id=l  4243205#. TkVKVfdgn4M, e-mail. 

51  Nancy  Flarty,  “Fake  IDs  Made  in  China  Seized;  Underage  Kids  Cited,”  CBS  News,  July  22,  2011, 
accessed  August  15,  201 1,  http://chicago.cbslocal.com/201 1/07/22/fake-ids-made-in-china-seized- 
underage-kids-cited/#.TkVH-8IFfV4. e-mail. 

52  National  Commission  on  Terrorist  Attacks  upon  the  United  States,  Thomas  H.  Kean,  and  Lee 
Flamilton.  Tl'ie  9/11  Commission  Report:  Final  Report  of  the  National  Commission  on  Terrorist  Attacks 
Upon  the  United  States.  (Washington,  D.C.:  National  Commission  on  Terrorist  Attacks  upon  the  United 
States,  2004),  384. 

53  Gordon  et  ah,  “Identity  Fraud:  A  Critical  National  and  Global  Threat,”  13. 

54  Carly  Schwartz,  “Olajide  Oluwaseum  Noibi  Sentenced  to  Time  Served  in  LA  Stowaway  Case,” 
Huffington  Post,  November  28,  2011,  http://www.huffmgtonpost.com/201 1/1 1/28/olajide-oluwaseun-noibi- 
stowaway  n  1117716.html  (accessed  January  16,  2012). 


12 


Identity  is  a  valuable  resource  that  various  sectors  of  infrastructure  rely  upon  to 
function.  Vulnerability  analysis  is  needed  to  create  strategies  for  enhancing  identity 
verification  systems  used  by  government  and  commerce.  Solutions  must  be 
comprehensive  and  viable  to  be  effective.  Network  analysis  tools  used  for  infrastructure 
and  social  research  offer  significant  advantages  over  current  investigative  methods  and 
represent  an  all-hazards  approach. 

If  documents  cannot  distinguish  person  from  person,  then  what  can?  What  are  the 
characteristics  that  define  human  identity?  How  can  these  characteristics  be  harnessed  to 
create  stronger  economic,  immigration  and  criminal  management  systems?  Answering 
these  questions  is  essential  to  address  weaknesses  in  current  identity  systems.  While  this 
thesis  does  not  contain  all  the  answers,  it  aims  to  further  understanding  of  the  problems 
associated  with  identity  systems  and  spur  further  research  into  the  subject. 

D.  ORGANIZATION  AND  METHODOLOGY 

The  goal  of  this  research  is  to  provide  a  thorough  understanding  of  the 
vulnerabilities  associated  with  weak  identity  systems  and  analyze  weaknesses  in  terms  of 
critical  infrastructure.  Previous  and  existing  vulnerabilities  will  be  described  using  case 
studies.  Some  of  these  examples  will  be  supplemented  with  personal  experiences  of  the 
author  in  dealing  with  the  consequences  of  identity  theft.  Current  policy  will  be  analyzed 
for  effectiveness  and  sufficiency  in  protecting  identity  management  systems  from 
existing  threats  to  homeland  security. 

Chapter  II  will  examine  identity  from  the  terrorist  perspective  and  review  case 
studies  to  pinpoint  how  identity  has  been  exploited  in  the  past.  Chapter  III  will  discuss 
how  organized  crime  supplies  a  thriving  fraudulent  identity  document  industry  while 
Chapter  IV  will  explore  other  common  users  of  fraudulent  documents  who  contribute  to 
the  undermining  of  the  identity  verification  system.  Finally,  Chapter  V  will  analyze  the 
preceding  evidence  in  terms  of  critical  infrastructure  while  providing  recommendations 
from  an  all-hazards  approach. 
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II.  TERRORIST  EXPLOITATION  OF  IDENTITY  SYSTEMS 


A.  INTRODUCTION 

Identity  management  is  an  essential  function  of  terrorist  operations.  The  9/11 
Commission  Report  recognized  that  “for  terrorists,  travel  documents  are  as  important  as  a 
weapon.  Terrorists  must  travel  clandestinely  to  meet,  train,  plan,  case  targets,  and  gain 
access  to  attack.”55  Consequently,  fragility  within  identity  systems  represents  a  risk  to 
global  and  U.S.  homeland  security. 

Document  alteration  and  fabrication  are  favored  terrorist  tactics  since  many 
nations  have  failed  to  create  comprehensive  systems  capable  of  checking  documents 
against  databases  and  other  unique  identifiers.  Given  the  interconnectedness  of  the 
international  travel  system,  a  weakness  in  one  region  constitutes  a  weakness  for  the  entire 
system.  Ramzi  Yousef  and  Ahmed  Ressam  are  two  al-Qaeda  operatives  who  applied 
common  terrorist  tactics  and  techniques  subvert  international  security  measures. 

The  9/11  hijackers  successfully  entered  the  United  States,  obtained  state  driver’s 
licenses,  and  avoided  detection  by  exploiting  the  limitations  of  numerous  identity 
systems.  Since  that  time,  the  Department  of  Homeland  Security  has  overseen  multiple 
programs  designed  to  prevent  operatives  from  entering  the  United  States  or  obtaining 
identity  documents.  Many  of  these  programs  have  not  been  completely  implemented  or 
are  still  susceptible  to  fraud.  This  chapter  will  analyze  examples  of  terrorist  evasion  and 
identity  acquisition  tactics,  followed  by  an  evaluation  of  efforts  to  counter  these  threats. 


55  National  Commission  on  Terrorist  Attacks  upon  the  United  States,  Thomas  H.  Kean,  and  Lee 
Hamilton.  The  9/11  Commission  Report:  Final  Report  of  the  National  Commission  on  Terrorist  Attacks 
Upon  the  United  States,  (2004),  384. 
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B. 


THE  INTERNATIONAL  TRAVEL  SYSTEM 


In  2010,  the  United  Stated  received  nearly  60  million  international  travelers.56 
The  overwhelming  majority  of  these  travelers  came  as  tourists  or  to  conduct  business. 
The  challenge  for  the  U.S.  Department  of  Homeland  Security  (DHS)  and  its  constituent 
agencies  is  to  distinguish  known  and  potential  terrorists  from  the  legitimate  travelers. 

International  travel  represents  a  significant  sector  of  the  American  economy.  In 
additional  to  supporting  1.1  million  domestic  jobs,  international  tourists  represent  7%  of 
all  U.S.  exports.57  Actions  taken  to  detect  terrorists  often  slow  international  travel 
procedures,  are  cumbersome,  and  deter  potential  travelers.  But  the  risk  to  U.S.  homeland 
security,  as  demonstrated  by  9/11,  requires  an  identification  process  that  is  user  friendly 
and  effective  at  detecting  terrorists. 

Prior  to  traveling  to  the  United  States,  foreign  nationals  must  apply  for  a  visa. 
Immigrant  visas  are  issued  to  persons  wishing  to  remain  in  the  United  States  for  an 
extended  period  of  time.  Nonimmigrant  visas  are  for  visitors  planning  a  temporary  stay. 
Foreigners  traveling  from  one  of  the  36  countries  participating  in  the  Visa  Waiver 
Program  are  not  required  to  apply  for  a  visa  unless  planning  to  stay  in  the  United  States 
for  more  than  90  days.58 

Visa  applications  and  passports  are  submitted  for  review  at  U.S.  consulates 
overseas.  The  Department  of  State  processes  visa  requests  and  determines  eligibility  to 
travel  to  the  United  States.  If  approved,  the  applicant  may  proceed  to  a  U.S.  port  of 
entry.  Immigration  officers  then  review  all  applicable  identity  documents  and  grant  final 
authorization  to  enter  the  United  States.59 


56  Office  of  Travel  and  Tourism  Industries,  “International  Visitation  to  the  United  States:  A  Statistical 
Summary  of  U.S.  Visitation,”  U.S.  Department  of  Commerce  (2010), 
http://tinet.ita.doc.gov/outreachpages/download  data  table/2010  Visitation  Report.pdf. 

57  Ibid. 

58  Staff  Report  of  the  National  Commission  on  Terrorist  Attacks  Upon  the  United  States,  Thomas  R. 
Eldridge  et  al.,  9/11  and  Terrorist  Travel:  Staff  Report  of  the  National  Commission  on  Terrorist  Attacks 
Upon  the  United  States  (Franklin:  Hillsboro  Press,  2004):  72. 

59  Ibid.,  71. 
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The  Arrival/Departure  Record,  known  as  a  Fonn  1-94,  is  a  system  used  to  track 
visa  overstays.  This  paper  based  system  has  two  components.  The  arrival  section 
requires  travelers  to  provide  basic  information  to  include  name,  date  of  birth,  nationality, 
sex,  passport  number,  flight  itinerary,  and  an  address  where  they  can  be  located  while  in 
the  United  States.60  When  the  visit  is  complete  and  the  traveler  exits  the  country,  the 
transportation  carrier  is  required  to  complete  and  submit  the  departure  section  of  the  1-94 
to  DHS.61 

In  order  to  more  efficiently  track  visa  overstays  and  reinforce  border  security, 
Congress  required  the  fonner  Immigration  and  Naturalization  Service  (INS)  to 
“implement  an  automated  entry  and  exit  data  system  that  would  track  the  arrival  and 
departure  of  every  alien.”62  This  requirement  was  included  in  the  Illegal  Immigration 
Refonn  and  Immigrant  Responsibility  Act  of  1996.  Subsequent  modifications  to  the 
requirements  of  the  system  delayed  its  implementation.63 

Following  the  attacks  of  9/11,  the  entry/exit  program  became  the  foundations  of 
the  U.S.  Visitor  and  Immigrant  Status  Indicator  Technology  (U.S. -VISIT)  program. 
U.S. -VISIT  was  required  by  National  Security  Presidential  Directive  59  (NSPD- 
59)/Homeland  Security  Presidential  Directive  24  (HSPD-24)  to  “coordinate  the  sharing 
of  biometric  and  associated  biographic  and  contextual  infonnation  with  other  Federal 
agencies  and  foreign  partners.”64  Since  December  2006,  biometric  functionality  has  been 
used  at  300  ports  of  entry.65 


60  Department  of  Homeland  Security,  “Filling  Out  Arrival-Departure  Record,  CBP  Form  1-94,  for 
Nonimmigrant  Visitors  with  a  Visa  for  the  U.S.,”  last  modified  July  2,  2010, 
http://www.cbp.gov/xp/cgov/travel/id  visa/i-94  instructions/filling  out  i94,xml. 

Lisa  M.  Seghetti  and  Stephen  R  Vina,  “U.S.  Visitor  and  Immigrant  Status  Indicator  Technology 
(U.S. -VISIT)  Program,”  Congressional  Research  Service,  RL32234  (2005):  3. 

62  Ibid.,  1. 

63  Ibid.,  5. 

64  U.S.  Department  of  Homeland  Security,  “Biometric  Standards  Requirements  for  U.S. -VISIT,” 
March  15,  2010,  1,  http://www.dhs.gov/xlibrary/assets/usvisit/usvisit  biometric  standards.pdf. 

65  GAO,  “Homeland  Security:  Key  U.S. -VISIT  Components  at  varying  Stages  of  Completion,  but 
Integrated  and  Reliable  Schedule  Needed,”  GAO-10-13  (Washington,  D.C.,  November  2009):  7. 
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U.S. -VISIT  provides  significant  advantages  over  previous  authentication 
methods.  Foreign  visitors  are  required  to  submit  two  fingerprints  and  a  digital 
photograph  upon  entry  into  the  United  States.  This  infonnation  is  checked  against  and 
entered  into  a  database  known  as  the  Automated  Biometric  Identification  System 
(IDENT).  As  of  2010,  IDENT  contained  108  million  records.66  These  records  are  also 
checked  against  the  Federal  Bureau  of  Investigation’s  (FBI)  Integrated  Automated 
Fingerprint  System  (IAFIS)  that  contains  50  million  additional  records.67  U.S. -VISIT’S 
vast  database  is  used  by  four  agencies  within  DHS  as  well  as  the  Department  of  Defense 
(DoD),  Department  of  Justice  (DoJ),  and  Department  of  State  (DoS).68  “As  of  June  2009 
...  more  than  150,000  biometric  hits  in  entry  [resulted]  in  more  than  8,000  people  having 
adverse  actions,  such  as  denial  of  entry,  taken  against  them.”69 

While  the  biometric  data  contained  within  IDENT  helps  identify  known  terrorists 
and  visa  overstays,  U.S. -VISIT  has  a  very  significant  flaw.  DHS  has  been  unable  to 
comprehensively  implement  biometric  exit  capability.70  Without  this  capability,  U.S.- 
VISIT  cannot  determine  if  persons  who  entered  the  country  have  exited.  “Cost  overruns, 
schedule  delays,  and  performance  problems”71  were  cited  as  the  primary  factors  behind 
this  delay. 

Exit  capability  is  not  the  only  weakness  of  U.S. -VISIT.  U.S. -VISIT  is  an  identity 
management  network  that  is  dependent  upon  secure  token  identifiers  such  as  passports 
and  driver’s  licenses.  The  9/11  Staff  Report  stated  that  “Terrorists  rely  on  forged 


66  U.S.  Department  of  Homeland  Security,  “Biometric  Standards  Requirements  for  U.S. -VISIT,” 
(2010):  1. 

67  Ibid. 

68  U.S.  Department  of  Homeland  Security,  “Government  Agencies  Using  U.S. -VISIT,” 
http://www.dhs.gov/files/programs/gc  12 14422497220. shtm.  last  modified  March  4,  201 1. 

69  GAO,  “Homeland  Security:  Key  U.S. -VISIT  Components  at  varying  Stages  of  Completion,  but 
Integrated  and  Reliable  Schedule  Needed,”  7. 

70  GAO,  “Department  of  Homeland  Security:  Progress  Made  and  Work  Remaining  in  Implementing 
Homeland  Security  Missions  10  Years  after  9/11,”  GAO-1 1-919T  (Washington,  D.C.,  September  7,  2011): 
13. 

71  Ibid.,  1. 
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passports  and  fake  visas  to  move  around  the  world  unimpeded  and  undetected.”72  Ramzi 
Yousef,  Ahmed  Ressam,  and  the  9/11  hijackers  are  probative  case  studies  that 
demonstrate  common  terrorist  fraud  tactics.  These  tactics  are  still  relevant  in  the  pursuit 
of  secure  identity  management  systems  today. 

C.  TERRORIST  TRAVEL  TACTICS 

Ramzi  Yousef,  a  co-conspirator  in  the  1993  World  Trade  Center  bombing,  was 
apprehended  with  an  accomplice  in  1992  while  attempting  to  enter  the  United  States  with 
fraudulent  documents.  He  flew  in  first  class  from  Pakistan  because  he  believed  he  would 
receive  less  stringent  security  screenings  once  in  the  United  States.  In  addition  to 
numerous  documents  to  support  his  false  identity,  Yousef  was  found  with  other  passports, 
forgery  instructions,  and  stamps  used  to  alter  passports.  He  was  released  in  the  United 
States  after  he  claimed  political  asylum  and  later  escaped  to  Pakistan.  Although  Yousef 
was  eventually  captured,  he  was  able  to  evade  law  enforcement  for  years  by  using  altered 
and  fake  identity  documents.73 

In  1994,  Ahmed  Ressam  used  a  fraudulent  passport  to  travel  to  Canada  and  was 
admitted  after  he  claimed  political  asylum.  His  asylum  claim  was  denied  after  he  failed 
to  appear  in  court  and  a  warrant  was  issued  for  his  arrest.  Despite  many  misdemeanor 
arrests,  Ressam  was  released  and  remained  at  large.  He  used  a  fraudulent  baptismal 
certificate  to  receive  a  genuine  Canadian  passport  under  an  alias  and  traveled  to 
Afghanistan  to  receive  terrorist  training.  Upon  returning  to  Canada  in  1999,  Ressam 
devised  plans  to  detonate  a  bomb  at  Los  Angeles  International  Airport  soon  after  the 
millennium.  When  Ressam  was  trying  to  cross  the  border,  U.S.  Customs  officials  were 
alerted  by  his  nervous  demeanor  and  discovered  explosives  in  his  rental  vehicle.74 


72  Eldridge  et  al.,  9/11  and  Terrorist  Travel:  Staff  Report  of  the  National  Commission  on  Terrorist 
Attacks  Upon  the  United  States,  47. 

73  Ibid. 

74  Kean  et  al.,  National  Commission  on  Terrorist  Attacks  upon  the  United  States,  The  9/11 
Commission  Report:  Final  Report  of  the  National  Commission  on  Terrorist  Attacks  Upon  the  United  States, 
176-79. 
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Passports  are  essential  token  identifiers  within  the  international  travel  system. 
They  are  designed  to  confirm  nationality,  identity,  and  immigration  status. 
Consequently,  passport  forgery  and  alteration  techniques  are  a  necessary  terrorist 
function. 

The  international  travel  system  depends  on  accurate  screening  of  travelers  at  the 
point  of  origin.  Yousef  subverted  this  measure  by  bribing  a  Pakistani  official.  75  Once 
he  was  admitted  into  the  system,  he  had  an  Iraqi  passport  to  support  his  cover  story. 
Secondary  screening  revealed  Yousef  had  no  visa  and  his  passport  was  fraudulent.  He 
was  arrested  but  released  into  the  United  States  after  he  claimed  political  asylum.76 

Passport  forgery  has  been  used  by  criminal  and  terrorist  elements  to  support 
operations.77  Forgery  is  used  to  generate  funding  and  create  documents  as  needed. 
Archaic  entry  and  exit  stamps  are  still  being  used  to  track  travel  history.  Terrorist  cells 
can  forge  or  manipulate  these  stamps  to  “conceal  their  terrorist  activities.”78  The  9/11 
and  Terrorist  Travel  staff  report  cited  “removing  visas  and  bleaching  stamps”79  as  a 
common  alteration  used  by  al  Qaeda  operatives. 

Rather  than  forging  a  passport,  Ressam  used  fraudulent  breeder  documents  to 
obtain  a  genuine  Canadian  passport.  This  tactic  represents  the  most  favorable  for  terrorist 
operatives.  Genuine  passports  stand  up  to  scrutiny  and  support  an  intended  narrative. 
Had  Ressam  been  able  to  control  his  nerves,  U.S.  customs  officers  would  have  had  no 
obvious  reason  to  refuse  him  entry  into  the  country. 

The  9/11  hijackers  successfully  navigated  gaps  in  immigration  processing  to  enter 
the  U.S.  and  remain  undetected.  The  9/11  and  Terrorist  Travel  staff  report  documents 

7^  Eldridge  et  at,  9/1 1  and  Terrorist  Travel:  Staff  Report  of  the  National  Commission  on  Terrorist 
Attacks  Upon  the  United  States,  51. 

76  Ibid. 

77  Martin  Rudner,  “Misuse  of  Passports:  Identity  Fraud,  the  Propensity  to  Travel  and  International 
Terrorism,”  Studies  in  Conflict  &  Terrorism  31  (2008):  103. 

78  Kean  et  al.,  National  Commission  on  Terrorist  Attacks  upon  the  United  States,  The  9/11 
Commission  Report:  Final  Report  of  the  National  Commission  on  Terrorist  Attacks  Upon  the  United  States, 
386. 

79  Eldridge  et  al.,  9/1 1  and  Terrorist  Travel:  Staff  Report  of  the  National  Commission  on  Terrorist 
Attacks  Upon  the  United  States,  66. 
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multiple  instances  of  identity  verification  failure  prior  to  the  terrorist  attack.  As  many  as 
seven  hijackers  submitted  manipulated  passports  with  their  visa  applications  to  enter  the 
United  States.80  Consular  officials  failed  to  recognize  the  alterations.  Three  hijackers 
“had  passports  that  contained  an  indicator  of  Islamist  extremism”  and  two  “made  false 
statements  about  prior  visa  and  travel  history  on  their  visa  applications.”81  Significant 
failures  existed  at  various  stages  of  the  immigration  identification  process. 

State  Department  and  immigration  officials  had  little  training  on  document  fraud, 
counterterrorism,  or  existing  databases  and  missed  all  indicators  of  nefarious  intent.82  In 
cases  where  databases  were  queried,  the  hijackers  provided  alternate  spellings  of  their 
names.  This  tactic  was  used  over  360  times  to  avoid  detection.83 

Two  hijackers,  including  Mohammad  Atta,  remained  in  the  United  States  despite 
expired  visas.84  No  exit  system  was  in  place  and  therefore  no  method  for  authorities  to 
determine  if  the  hijackers  were  still  in  the  United  States.85  Even  if  these  hijackers  had 
been  identified  as  visa  overstays,  there  was  no  link  with  law  enforcement  databases  to 
flag  the  infraction.86  A  flagging  mechanism  would  have  expanded  the  network  of 
officials  who  might  come  in  contact  with  the  hijackers  and  increased  the  chances  of 
capture. 

The  United  States  does  not  have  a  national  identification  system.  Instead,  state 
driver’s  licenses  and  ID  cards  are  commonly  used  to  verify  identification.87 
Understanding  the  importance  of  this,  all  but  one  of  the  9/11  hijackers  received  state 


80  Eldridge  et  at,  9/1 1  and  Terrorist  Travel:  Staff  Report  of  the  National  Commission  on  Terrorist 
Attacks  Upon  the  United  States,  138. 
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87  Gordon  et  al.,  “Identity  Fraud:  A  Critical  National  and  Global  Threat,”  18. 
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identification  cards.88  Six  hijackers  used  their  ID  cards  “to  check  in  for  their  flights  on 
September  ll.”89  Three  of  the  ID  cards  used  were  obtained  fraudulently.90  State 
identity  issuing  standards  were  much  too  low  given  the  many  significant  uses  of  an 
identity  card  in  the  United  States. 

These  three  examples  demonstrate  many  of  the  common  tactics  used  by  terrorists 
to  subvert  identity  procedures  within  the  immigration  and  international  travel  systems. 
Passports  could  also  have  been  stolen,  borrowed,  rented  or  purchased.91  After  gaining 
access  to  the  United  States,  these  terrorists  evaded  capture  by  requesting  political  asylum, 
overstaying  visas,  and  manipulating  travel  documents  to  conceal  international  travel.92 
The  consistent  modus  operandi  demonstrated  that  “terrorist  operatives  employed  certain 
repetitive  travel  practices  that  were  ripe  for  disruption.”93 

The  Central  Intelligence  Agency  (CIA)  first  outlined  these  types  of  tactics  in  an 
annual  document  known  as  the  “Redbook.”94  This  infonnation  was  not  widely 
disseminated  even  though  a  serious  threat  to  homeland  security  was  clearly  recognized. 
The  Redbook  was  last  published  in  1992  and  research  on  terrorist  travel  tactics  waned 
until  after  the  attacks  on  9/1 1 .95 

Many  procedures  and  systems  have  been  updated  to  narrow  many  of  these  gaps  in 
homeland  security,  but  significant  gaps  still  exist.  More  robust  training,  procedures, 
systems  and  tamper-resistant  documents  are  needed.  International  travel,  identity,  and 
immigration  systems  require  seamless  integration  to  thwart  another  9/11 -style  attack.  A 
recent  example  demonstrates  this  need. 

88  Eldridge  et  at,  9/11  and  Terrorist  Travel:  Staff  Report  of  the  National  Commission  on  Terrorist 
Attacks  Upon  the  United  States,  (2004),  preface,  x. 

89  Ibid. 

90  Ibid. 

91  Rudner,  “Misuse  of  Passports:  Identity  Fraud,  the  Propensity  to  Travel  and  International 
Terrorism,”  103. 

92  Eldridge  et  at,  9/1 1  and  Terrorist  Travel:  Staff  Report  of  the  National  Commission  on  Terrorist 
Attacks  Upon  the  United  States,  (2004),  59. 

93  Ibid,  65. 

94  Ibid.,  47. 

95  Ibid.,  48. 
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The  Government  Accountability  Office  (GAO)  conducted  an  undercover 
investigation  from  July  to  December  2008  to  detennine  if  counterfeit  or  fraudulent 
documents  could  be  used  to  obtain  a  genuine  U.S.  passport.96  In  four  separate  instances, 
an  investigator  presented  various  combinations  of  fraudulent  driver’s  licenses,  birth 
certificates,  and  Social  Security  Numbers  (SSN)  with  a  passport  application  to  employees 
of  the  Department  of  State  (DoS)  and  U.S.  Postal  Service  (USPS).97  In  every  instance, 
he  was  issued  a  genuine  U.S.  passport.98 

First-time  passport  applications  are  required  to  be  completed  in  person  at  USPS  or 
DoS  offices.  The  applicant’s  identity  is  checked  against  two  fonns  of  photo  ID  and 
copies  of  all  documents  are  sent  to  DoS  for  verification.  If  all  documentation  is  correct 
and  the  applicant  is  eligible,  DoS  issues  a  passport. 

The  GAO  investigator  used  fraudulent  documents  of  an  unspecified  quality  to  test 
the  application  process  (Figure  3).  At  one  office,  he  presented  a  counterfeit  driver’s 
license,  a  counterfeit  birth  certificate,  and  a  SSN  for  a  5 -year-old  child.99  The  USPS 
accepted  his  counterfeit  documents  and  DoS  failed  to  catch  the  age  discrepancy  even 
though  the  application  recorded  his  true  age  of  53. 100  At  another  office,  the  investigator 
used  the  SSN  of  a  person  who  died  in  1965. 101  USPS  accepted  the  counterfeit  identity 
documents  and  DoS  again  failed  to  properly  verify  the  SSN.  The  investigator  used  one  of 
his  fraudulently  obtained  passports  to  “get  a  boarding  pass,  and  pass  through  the  security 
checkpoint  at  a  major  metropolitan-area  airport.”102 

When  the  results  of  the  investigation  were  released,  DoS  “agreed  that  [GAO’s]  findings 
expose  a  major  vulnerability  in  State’s  passport  issuance  process.”103  DoS  complained 

96  GAO,  “Department  of  State:  Undercover  Tests  Reveal  Significant  Vulnerabilities  in  State’s 
Passport  Issuance  Process,”  GAO-09-447  (Washington,  D.C.,  March  2009):  3. 

97  Ibid.,  4. 

98  Ibid. 

99  Ibid.,  8. 

100  Ibid. 

101  Ibid. 

102  Ibid.,  5. 

103  Ibid.,  9. 
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that  it  “does  not  have  the  ability  to  conduct  real-time  verification  of  the  authenticity  of 
birth  certificates”  and  that  they  “had  difficulties  with  verifying  the  authenticity  of  driver’s 
licenses.”104  USPS  did  not  issue  a  response. 105 


Table  1 :  Counterfeit  or  Fraudulently  Obtained  Documents  Used  to  Obtain  Genuine  U.S.  Passports 


Test 

number 

Month  of 
application 

Documents  submitted  as 

part  of  passport  application  process 

Number  of  days  between 
application  and  issuance 

1 

July  2008 

Counterfeit  West  Virginia  driver's  license 

Counterfeit  New  York  birth  certificate 

Passport  application  form 

8  days 

2 

August  2008 

Genuine  District  of  Columbia  identification  card  obtained  with 
fraudulent  documentation 

Counterfeit  New  York  birth  certificate 

Passport  application  form 

Same  day  (passport  issued 
the  date  of  application) 

3 

October  2008 

Counterfeit  West  Virginia  driver's  license 

Counterfeit  New  York  birth  certificate 

Passport  application  form  containing  SSN  of  a  fictitious  5-year-old 
child,  which  we  obtained  on  a  previous  investigation 

7  days 

4 

December  2008 

Counterfeit  Florida  driver's  license 

Counterfeit  New  York  birth  certificate 

4  days 

•  Passport  application  form  containing  SSN  of  a  deceased  individual 

Source:  GAO. 

Note:  In  all  four  tests,  our  Investigator  also  submitted  two  color  photographs  and  a  passport 
application  fee.  For  the  second  test,  the  Investigator  also  submitted  an  e-ticket  for  an  August  2008 
flight  to  Germany. 

Figure  2.  Documents  Used  to  Obtain  Genuine  U.S.  Passports106 


D.  CURRENT  POLICIES  AND  THE  WAY  AHEAD 

Following  the  attacks  on  9/11,  significant  reforms  began  to  change  the  security 
landscape.  Automated  exit/entry  systems,  machine-readable  travel  documents,  electronic 
passenger  manifests,  biometric  requirements,  and  standardized  technology  sharing 
standards  promised  to  secure  Americas  borders  from  transnational  terrorism.  In  2002,  the 
Department  of  Homeland  Security  was  fonned  to  oversee  the  numerous  government 
agencies  responsible  for  implementing  and  utilizing  these  systems. 

U.S. -VISIT  was  intended  to  automate  the  entry  and  exit  process  for  foreign 
travelers.  Biometric  fingerprint  scanners  and  passport  scanners  allow  identity 


104  Ibid.,  9. 

105  Ibid.,  10. 

106  Ibid.,  5. 
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information  to  be  stored  and  checked  against  the  IDENT  and  IAFIS  databases.  This 
allows  known  terrorists  be  identified  at  ports  of  entry.  However,  the  lack  of  an  exit 
component  significantly  degrades  system  utility. 107  Immigration  officials  do  not  have 
access  to  a  resource  that  can  quickly  identify  visa  overstays.108  Since  no  biometric  data 
is  taken  the  time  of  departure,  exit  records  cannot  be  accurately  checked  against  entry 
records. 109 

Although  biometric  data  is  a  necessary  component  of  the  international  travel 
system,  it  is  not  infallible.  A  terrorist  may  acquire  a  genuine  passport  using  a  fraudulent 
driver’s  license,  birth  certificate,  social  security  card,  or  other  breeder  documentation.  If 
that  terrorist  has  not  been  previously  biometrically  scanned,  he  may  be  granted  access  to 
the  United  States.  A  biometric  record  would  be  created,  but  no  alerts  would  be  raised  by 
his  alias. 

The  Transportation  Security  Administration’s  (TSA)  Secure  Flight  Program 
requires  airline  passengers  to  provide  name,  date  of  birth,  and  gender  when  purchasing 
tickets.  The  airline  submits  passenger  manifests  to  the  TSA  to  be  screened  against  the  No 
Fly  and  Selectee  lists.  Boarding  passes  are  issued  if  the  name  is  not  on  any 
corresponding  watch  list.  Passenger  identity  is  then  verified  using  a  government  issued 
ID  at  the  airport  as  part  of  the  security  screening  process.110  However,  most  domestic 
identity  documents  are  not  electronically  verified.  Fraudulent,  stolen,  or  altered  IDs  are 
easily  obtained  and  could  help  a  terrorist  pass  screening. 


107  GAO,  “Department  of  Homeland  Security:  Progress  Made  and  Work  Remaining  in  Implementing 
Homeland  Security  Missions  10  Years  after  9/11,”  GAO-1 1-919T  (Washington,  D.C.,  September  7,  2011): 
16. 

108  Seghetti  and  Vina,  “U.S.  Visitor  and  Immigrant  Status  Indicator  Technology  (U.S. -VISIT) 
Program,”  3. 

109  Ibid.,  13. 

1 10  U.S.  Transportation  Security  Administration,  “Secure  Flight  Program,”  last  modified  on  March  15, 
2010,  http://www.tsa.gov/what  we  do/layers/secureflight/. 
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A  recent  Government  Accountability  Office  (GAO)  report  examined  the  current 
state  of  U.S  efforts  to  thwart  terrorist  travel  and  warned  that  some  foreign  partners  pose  a 
significant  risk  in  four  key  areas.  First,  information  is  not  being  effectively  with  partners 
due  to  a  lack  of  a  comprehensive  terrorist  screening  database,  unwillingness  or  inability 
to  share  infonnation  between  countries,  and/or  failure  to  use  biometric  or  biographical 
data  in  the  screening  process. 1 1 1  Infonnation  sharing  requires  funding  and  resources  not 
readily  available  to  many  countries.  But  technology  standards  are  being  developed  to 
facilitate  biometric  sharing  in  the  future.112 

Second,  fraudulent  documents  (passports,  visas,  birth  certificates,  ect...)  are 
inexpensive  and  widely  available. 113  Many  are  indiscernible  if  not  checked  against 
existing  databases.  Surveys  showed  that  73%  of  asylum  officers  found  “it  was 
moderately  or  very  difficult  to  identify  document  fraud.”114  Scarce  resources  limit 
access  to  crosschecking  systems.  Identity  management  is  further  complicated  when 
countries  fail  to  report  lost  or  stolen  passports,  allowing  valid  documents  to  be  used 
fraudulently. 115 

Third,  the  passports  of  some  countries  do  not  have  sufficient  security  features  to 
prevent  reproduction  or  manipulation.  Saudi  passports,  for  example,  lack  serial  numbers 
that  could  be  watch  listed  to  detect  fraud.116  Even  when  updated  passports  are  issued, 
previous  versions  are  valid  for  up  to  ten  years  after  issuance. 117 


1 1 1  GAO,  “Combating  Terrorism:  Additional  Steps  Needed  to  Enhance  Foreign  Partner’s  Capacity  to 
Prevent  Terrorist  Travel,”  GAO-11-667  (Washington,  D.C.,  July  12,  2011):  11. 

1 12  U.S.  Department  of  Flomeland  Security,  “Biometric  Standards  Requirements  for  U.S. -VISIT,” 
(2010):  1. 

1 13  GAO,  “Combating  Terrorism:  Additional  Steps  Needed  to  Enhance  Foreign  Partner’s  Capacity  to 
Prevent  Terrorist  Travel,”  GAO- 1 1-667  (Washington,  D.C.,  July  12,  2011):  11. 

114  Ibid.,  19. 

115  Ibid.,  11. 

1 1 6  Eldridge  et  al.,  9/1 1  and  Terrorist  Travel:  Staff  Report  of  the  National  Commission  on  Terrorist 
Attacks  Upon  the  United  States,  (2004),  66. 

1 17  GAO,  “Combating  Terrorism:  Additional  Steps  Needed  to  Enhance  Foreign  Partner’s  Capacity  to 
Prevent  Terrorist  Travel,”  GAO-11-667  (Washington,  D.C.,  July  12,  2011):  13. 


26 


Finally,  the  customs  personnel  of  many  countries  are  subject  to  bribes  and 
corruption.  In  such  countries,  valid  passports  with  fake  identities  can  be  purchased 
relatively  inexpensively.  These  documents  are  then  added  to  international  databases  and 
are  accepted  as  valid  elsewhere. 118 

Many  U.S.  agencies  are  investing  in  programs  to  strengthen  the  capabilities  of 
foreign  partners  but  “the  international  travel  system  is  only  as  secure  as  its  weakest 
link.”119  The  current  system  still  has  significant  flaws  as  exemplified  by  the  case  of 
Olajide  Oluwaseun  Noib. 

In  the  summer  of  201 1,  Olajide  Oluwaseun  Noib  successfully  boarded  a  flight  to 

New  York  from  Los  Angeles  using  an  expired  boarding  pass  and  a  student  identification 

card.  At  the  security  checkpoint,  the  24-year-old  with  dual  U.S. -Nigerian  citizenship 

presented  his  student  ID  and  a  police  report  to  support  his  story  that  his  passport  was 

stolen.  Neither  the  security  screener  nor  security  supervisor  noticed  his  expired  boarding 

pass  with  another  person’s  name  and  allowed  him  to  pass.  Noib  was  not  identified  until 

his  flight  was  underway  and  airline  personnel  realized  he  was  sitting  in  a  seat  that  was 

supposed  to  be  vacant.  He  was  eventually  released  and  ordered  to  pay  restitution  after 

120 

spending  five  months  in  jail  awaiting  trial. 

Fortunately  for  the  passengers  on  his  flight,  Noib  was  not  a  terrorist.  He  was  an 
innovative  transient  who  discovered  a  convenient  way  of  subverting  TSA’s  security 
measures.  If  a  homeless  man  with  no  money  can  easily  overcome  current  security 
measures,  what  could  a  terrorist  with  training  and  financial  backing  accomplish? 


118  Ibid. 

119  Ibid.,  30. 

120  Carly  Schwartz,  “Olajide  Oluwaseum  Noibi  Sentenced  to  Time  Served  in  LA  Stowaway  Case,” 
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E.  CONCLUSION 

The  9/11  Commission  Report  created  a  list  of  recommendations  intended  to 
strengthen  U.S.  identity  verification  systems  in  response  to  the  inadequacy  of  existing 
systems.  At  the  top  of  this  list  was  the  inclusion  of  biometric  data  in  databases  at  U.S. 
ports  of  entry. 122  While  this  additional  layer  of  security  is  important  and  necessary,  it 
does  not  make  identity  verification  foolproof.  Databases  are  only  as  good  as  the 
information  they  contain.  Biometric  data  can  help  vet  out  aliases  and  simple  evasion 
tactics  such  as  alternate  name  spellings.  However,  biometric  data  cannot  prevent 
terrorists  from  acquiring  fake  source  documents  with  someone  else’s  infonnation  to 
obtain  genuine  passports. 

The  GAO  correctly  surmised  that  “the  international  travel  system  is  only  as  secure 
as  its  weakest  link.”123  While  U.S.  identification  and  security  systems  are  maturing,  they 
require  additional  development  to  reach  intended  potential.  Some  foreign  partners 
continue  to  allow  dangerous  lapses  in  security  measures  that  undennine  the  entire  system. 
Antiquated  paper  documents  and  a  general  lack  of  infonnation  sharing  contribute  to  these 
lapses.  Even  when  proper  document  security  measures  are  in  place,  corrupt  customs 
officials  are  available  to  subvert  the  vetting  process.  Strengthening  U.S  and  foreign 
partner  capabilities  is  vital  to  restrain  terrorist  travel  and  protect  the  integrity  of  the 
international  travel  system. 


122  Kean  et  al.,  National  Commission  on  Terrorist  Attacks  upon  the  United  States,  The  9/11 
Commission  Report:  Final  Report  of  the  National  Commission  on  Terrorist  Attacks  Upon  the  United  States, 
38. 

123  GAO,  “Combating  Terrorism:  Additional  Steps  Needed  to  Enhance  Foreign  Partner’s  Capacity  to 
Prevent  Terrorist  Travel,”  25. 
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III.  CRIMINAL  ORGANIZATIONS  AND  IDENTITY 

MANAGEMENT 

A.  INTRODUCTION 

Identity  management  is  critical  to  criminal  and  terrorist  organizations.  However, 
the  threat  of  organized  crime  plays  a  much  broader  and  more  pervasive  role  in  the 
undennining  of  identity  verification  systems.  Stolen  identity  infonnation  may  be  used  to 
establish  fraudulent  lines  of  credit,  create  fraudulent  documents,  or  sold  to  other  criminals 
for  profit.  Each  of  these  actions  creates  fractures  in  identity  verification  systems  that 
increase  fragility  and  decrease  reliability. 

Criminal  organizations  have  taken  advantage  of  technology  to  become  more 
decentralized  and  anonymous.  Both  criminal  and  terrorist  organizations  “operate  on 
network  structures  that  at  times  intersect,  such  as  using  smuggling  and  other  illicit  means 
to  raise  cash  and  then  employ  similar  fraud  schemes  to  move  their  funds.”124  Similar 
goals  and  structures  between  criminals  and  terrorists  allow  strategies  to  penneate 
between  each  set  of  organizations.125 

Network  analysis  tools  have  traditionally  been  applied  to  sectors  of  critical 
infrastructure.  Contemporary  criminal  organizations,  similar  to  terrorist  groups,  operate 
on  networked  constructs.  This  chapter  will  explore  the  structure  of  contemporary 
criminal  organizations,  explore  the  utility  of  network  analysis,  and  examine  links  with 
terrorism.  Additionally,  this  chapter  will  discuss  the  ways  criminal  organizations  exploit 
weaknesses  in  identity  verification  systems  while  focusing  on  the  risks  to  U.S.  homeland 
security. 


124  Frank  S.  Perri  and  Richard  G.  Brody,  “The  Dark  Triad:  Organized  Crime,  Terror  and  Fraud,” 
Journal  of  Money  Laundering  Control  14,  no.l  (2011):  45. 

125  Tamara  Makarenko,  “The  Crime-Terror  Continuum:  Tracing  the  Interplay  between  Transnational 
Crime  and  Terrorism,”  Global  Crime  6,  no.  1  (2004):  129. 
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Figure  3.  Uses  of  Fictitious  or  Stolen  Identity126 


B.  CONTEMPORARY  ORGANIZED  CRIME 

1.  Structure 

Many  contemporary  organized  criminal  enterprises  adhere  to  a  network  structure 
rather  than  territorial  or  regional  based  organization.  Networked  organizations  “are 
major  beneficiaries  of  globalization... [that]  take  advantage  of  increased  travel,  trade, 
rapid  money  movements,  telecommunications  and  computer  links,  and  are  well 

126  Gordon  et  al.,  “Identity  Fraud:  A  Critical  National  and  Global  Threat,”  18. 
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positioned  for  growth.”127  They  are  “exceptionally  nimble... adapt  quickly  to  changing 
political  and  economic  realities. . .[and  are]  pragmatic  and  willing  to  forge  new 
alliances.”128  Networked  structures  facilitate  adaptability  unlike  hierarchical  structures 
that  depend  on  leadership  and  rigid,  defined  structure  to  function.  Communications 
technologies  allow  decentralized  nodes  to  collaborate  across  borders,  often  anonymously. 
Networking  promotes  collusion  while  protecting  the  identity  of  each  respective  node  of 
the  organization. 

Decentralization  across  borders  exponentially  complicates  law  enforcement 
efforts  to  curtail  crime.  Jurisdictional  boundaries  and  limits  on  resources  restrict 
investigational  reach.  This  limitation  allows  criminal  organizations  to  diversify,  expand, 
or  downsize  as  needed  with  little  exposure.  Localized  efforts  to  disrupt  criminal 
operations  are  often  ineffectual  since  other  actors  are  readily  available  to  fill  any  voids  in 
the  system.  In  this  sense,  it  takes  a  network  to  defeat  a  network. 129 

Identity  management  is  a  vital  function  of  organized  crime  used  to  camouflage 
criminal  activity.  Concealing  identity  protects  nodes  of  criminal  organizations  from 
arrest  or  retaliation  by  rival  organizations.  Anonymity  insulates  the  network  in  case  any 
node  is  compromised  and  compelled  to  divulge  information.  That  node’s  knowledge  of 
the  network  is  limited  to  a  particular  sector. 

Identity  crimes  have  been  used  by  criminal  organizations  as  a  lucrative 
enterprise. 130  While  these  networks  typically  diversify  into  other  criminal  activities, 
identity  crimes  are  attractive  because  they  offer  a  low  risk  of  detection  while  providing  a 


127  Perri  and  Brody,  “The  Dark  Triad:  Organized  Crime,  Terror  and  Fraud,”  45. 
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Mexico  Policy  Options  for  Confronting  Organized  Crime,  ed.  Eric  L.  Olson,  David  A.  Shirk,  and  Andrew 
Selee  (Washington,  D.C.:  Woodrow  Wilson  International  Center  for  Scholars,  2010),  accessed  January  21, 
2012, 
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129  John  Arquilla  and  David  Ronfeldt,  Networks  and  Netwar:  The  Future  of  Terror,  Crime,  and 
Military  (Santa  Monica,  CA:  RAND,  2001),  15. 
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high  rate  of  return. 131  The  Federal  Trade  Commission  (FTC)  reports  that  stolen  identity 
information  is  most  often  used  to  commit  credit  card  fraud,  establish  utilities,  counterfeit 
financial  documents,  file  for  bankruptcy,  make  large  purchases,  gain  employment  or 
obtain  identity  documents.132  Each  of  these  tactics  allow  actors  to  sustain  their  criminal 
activity  while  simultaneously  carrying  out  the  responsibilities  of  their  respective  nodes  of 
the  network. 

2.  Network  Analysis  and  Transnational  Organized  Crime 

Transnational  organized  crime  presents  numerous  challenges  to  governments  and 
law  enforcement.  Jurisdictions  and  the  lack  of  international  cooperation  greatly 
contribute  to  the  success  and  sustainment  of  these  organizations.  Attempts  to  dismantle 
organized  crime  are  largely  ineffective  without  comprehensive  examination  of  the  entire 
organization.  Network  analysis  is  essential  to  obtain  a  larger  perspective  and  identify 
critical  nodes  of  network  structure  and  operation. 

Ted  G.  Lewis,  a  pioneer  in  the  field  of  critical  infrastructure,  defines  a  network  as 
“a  collection  of  nodes  and  links  that  connect  pairs  of  nodes.”133  A  basic  network  could 
consist  of  two  people  talking.  Each  person  represents  a  node  that  is  linked  by  two-way 
voice  communication.  This  network  can  be  pictorially  represented  by  two  dots  connected 
by  a  line.  If  the  example  is  expanded  to  include  ten  persons  having  random  conversations 
in  a  room,  the  pictorial  representation  becomes  more  complex.  Inferences  can  be  made 
about  the  relationships  between  each  person  by  observing  the  number  of  interactions,  the 
length  of  conversations,  or  physical  distance  maintained  between  nodes.  This  fonn  of 


131  Ibid.,  8. 

132  Federal  Trade  Commission,  “Take  Charge:  Fighting  Back  Against  Identity  Theft,”  February  2006, 
accessed  June  5,  201 1,  http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.pdf. 
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analysis  focuses  “on  structural  metrics  rather  than  analysis  of  the  characteristics  of  certain 
individual  members  of  a  group.”134  Combining  this  data  with  intelligence  helps  build  a 
more  concrete  model  for  investigation. 

Nodes  and  links  are  not  restricted  to  persons  or  communications.  They  can 
represent  “abstract  concepts.”135  In  the  example  of  organized  crime,  a  node  could 
represent  a  decision  maker,  a  critical  function  of  operations,  or  location  central  to  the 
organization.  When  basic  organizational  nodes  are  mapped,  vulnerabilities  can  be 
identified  and  targeted. 

In  the  field  of  infrastructure  protection,  vulnerability  analysis  is  used  to  identify 
network  weaknesses  and  examine  the  potential  for  failure  given  a  particular  attack.  The 
process  requires  the  identification  of  critical  nodes,  describing  the  relationship  between 
critical  nodes,  and  determining  which  nodes  are  essential  to  the  sustainment  of  the 
network. 136  This  process  can  be  applied  to  models  of  transnational  criminal 
organizations.  Critical  nodes  of  these  networks  can  then  be  effectively  targeted, 
dismantled,  or  fragmented  according  to  policy  objectives. 

Identity  crimes  require  a  network. 137  The  infrastructure  of  an  identity  theft/fraud 
network  can  be  divided  into  three  primary  roles.  Continuing  with  the  critical 
infrastructure  analogy,  these  roles  will  be  referred  to  as  generators,  transmitters/ 
distributors,  and  end  users. 138  Persons  responsible  for  stealing  information  or  blank  valid 
documents  are  generators.  They  are  typically  closest  to  identity  theft  victims  and  gather 


134  Chaochang  Chiu,  Yungchang  Ku,  Ting  Lie,  and  Yuchi  Chen,  “Internet  Auction  Fraud  Detection 
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137  Judith  M.  Collins,  Investigating  Identity  Theft:  A  Guide  for  Businesses,  Law  Enforcement,  and 
Victims  (Hoboken,  NJ:  John  Wiley  and  Sons,  2006),  18. 
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information  by  retrieving  it  from  the  trash,  mail  theft,  hacking  of  business  records, 
abusing  access  to  business  databases,  fraudulent  credit  card  scanners,  stealing  purses  or 
wallets,  or  phone  and  Internet  scams. 139 

Once  raw  information  or  documents  are  acquired,  generators  pass  it  to 
transmitters  or  distributors.  Transmitters  are  associated  with  larger  networks  and  move 
large  volumes  of  information  to  distributors.  In  smaller  networks,  transmitters  and 
distributors  can  be  the  same  actor.  Distributors  take  identity  information  and  convert  it  to 
a  useable  product  for  dissemination.  This  may  be  done  by  creating  fraudulent  documents 
or  by  soliciting  known  consumers. 

Finally,  the  end  user  takes  custody  of  the  fraudulent  documents  or  stolen 
information  to  use  as  needed.  The  end  user  provides  the  demand  for  identity  products 
and  sustains  the  criminal  network.  While  this  description  of  generators, 
transmitters/distributors,  and  end  users  is  very  simplistic,  the  particular  nuances  of  each 
criminal  network  vary  greatly.  Relationships  between  nodes  can  be  shaped  by 
geographic  location,  level  of  trust,  ability  to  communicate,  and  access  to  information. 
Additional  actors  can  be  subcontracted  or  fired  in  response  to  needs  of  the  network. 
Ultimately,  criminal  networks  grow,  adapt,  and  respond  to  demand  from  the  end  user. 

Network  and  vulnerability  analysis  provides  investigators  with  a  valuable 
resource.  It  creates  a  map  of  targeted  organizations  and  identifies  critical  nodes  of 
network  operations.  Resources  can  then  be  efficiently  concentrated  to  accomplish  policy 
objectives.  Without  network  and  vulnerability  analysis,  countering  organized  crime 
ineffectively  disperses  investigators  across  an  impossibly  wide  front. 

Hackers  are  persons  who  use  knowledge  and  capability  to  hijack  a  system  for  a 
purpose  other  than  it  was  originally  intended.  While  this  behavior  is  typically  associated 
with  computer  networks,  the  concept  is  easily  transferred  to  other  networks  as  well.  For 
instance,  identity  verification  networks  are  hacked  when  persons  misrepresent  themselves 
as  someone  else.  They  gain  access  to  goods  and  services  that  they  would  not  have 


I39  Federal  Trade  Commission,  “Take  Charge:  Fighting  Back  Against  Identity  Theft,”  2-3. 
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otherwise  been  entitled  to.  The  following  examples  demonstrate  some  of  the  ways  that 
identity  systems  can  be  hacked  by  criminal  organizations. 

3.  The  Criminal  Element  in  Action 

Network  security  is  often  maintained  by  “layering”  identity  crimes  to  complicate 
law  enforcement  efforts.140  Judith  Collins  describes  the  creation  and  layering  of  a 
criminal  network  in  her  book  Investigating  Identity  Theft:  A  Guide  for  businesses,  Law 
Enforcement,  and  Victims. 

A  woman,  who  was  hired  by  a  temporary  staffing  agency,  printed  a  list  of 
personal  infonnation  for  over  3,000  employees  on  her  last  day  of  employment.141  The 
list  included  “names,  home,  and  work  addresses,  Social  Security  numbers,  payroll  and 
other  personal  identifying  infonnation.”142  She  later  sold  and  distributed  the  information 
to  friends  and  family  who  continued  using  and  selling  it  to  others.  Investigators 
eventually  discovered  five  collaborating  cells  that  committed  a  wide  range  of  frauds  for 
financial  gain. 143 

This  five-cell  network  remained  relatively  centralized  and  consisted  of  45 
individuals.144  Members  of  some  cells  had  social  connections  with  other  cells  and 
network  communication  was  strong.  The  close  proximity  of  the  primary  actors  allowed 
investigators  to  sift  through  the  multiple  layers  of  identity  frauds  with  relative  ease.  The 
level  of  network  complexity  rises  exponentially  when  nodes  are  separated  by 
international  borders,  are  not  socially  acquainted,  or  covered  by  additional  layers  of 
identity  fraud  as  the  case  of  Khurram  Iftikhar  demonstrates. 

The  United  States  Postal  Inspectors  were  alerted  by  the  Monterey  County 
Sherriff  s  Office  in  1999  that  a  shipment  of  computer  components  had  been  ordered  with 


140  Collins,  Investigating  Identity  Theft:  A  Guide  for  Businesses,  Law  Enforcement,  and  Victims,  35. 

141  Ibid.,  21. 
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a  stolen  credit  card  number  and  was  en  route  to  a  local  parcel  shipping  service.145  U.S. 
Postal  Inspectors  investigated  the  report  and  discovered  many  similar  purchases,  all  sent 
to  various  branches  of  the  shipping  service  within  the  United  States.  The  purchaser  had 
provided  a  copy  of  a  fraudulent  photo  ID  and  forwarding  addresses  to  overseas  shipping 
companies.146 

The  investigation  progressed  slowly  since  U.S.  investigative  services  could  not 
compel  foreign  companies  to  provide  additional  evidence.  Interviews  of  the  victims, 
whose  credit  card  information  was  stolen,  revealed  that  all  had  attempted  to  purchase 
computer  products  from  Internet  auction  sites. 147  The  sites  were  being  used  to  seal  credit 
card  information  that  would  then  be  used  to  purchase  computer  products  to  be  shipped  to 
an  unknown  perpetrator. 148 

After  three  years  of  investigations  by  multiple  U.S.  and  foreign  law  enforcement 
agencies,  the  fraudulently  obtained  shipments  were  eventually  traced  to  a  business  in 
Pakistan.  Khurram  Iftikhar  created  an  elaborate  fraud  scheme  after  his  legitimate 
business  had  failed.149  After  obtaining  credit  card  numbers,  Iftikhar  made  several  small 
purchases  of  computer  products  that  were  sent  to  the  U.S.  shipping  service  and  then 
forwarded  to  overseas  shipping  companies.  After  the  many  smaller  shipments  were 
consolidated  into  larger  shipments  outside  the  United  States,  Iftikhar  would  provide 
shipping  instructions  to  his  company  in  Pakistan. 150 

Iftikhar  successfully  layered  his  criminal  activity  to  evade  detection  by  exploiting 
weaknesses  in  international  cooperation  and  by  using  fraudulent  identification.  His 
largest  failure  was  in  streamlining  the  fraud  process.  By  acting  as  the  generator, 
distributor  and  end  user,  Iftikhar  guaranteed  that  the  detection  of  any  one  facet  of  his 

145  Barry  G.  Mew,  “From  Pakistan  to  the  United  States:  U.S.  Postal  Inspectors  Untangle  a  Web  of 
Mail  Fraud,  Credit  Card  Fraud,  Internet  Fraud,  and  Identity  Theft,”  United  States  Postal  Inspection  Service 
Bulletin  51,  no.  1  (2003):  37. 
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operation  would  lead  to  the  discovery  of  the  entire  network.  Had  these  roles  been 
diversified  among  multiple  nodes,  a  compromised  node  could  have  been  quickly  replaced 
without  degrading  the  efficiency  of  the  network. 

Organized  crime,  as  it  has  been  described  above,  is  both  an  economic  and 
homeland  security  threat.  These  fraud  schemes  took  advantage  of  lapses  in  the  security 
of  identity  management  systems  and  international  borders  for  personal  financial  gain. 
However,  the  process  is  replicated  by  untold  numbers  of  similar  organizations  and 
individuals.  The  mass  proliferation  of  stolen  identity  and  fraudulent  documents 
undennines  the  reliability  of  identity  systems.  Crime  and  terror  organizations  exploit 
these  fractures  to  further  their  respective  agendas. 

C.  THE  “CRIME-TERROR  NEXUS”151 

Recent  research  suggests  that  criminal  and  terrorist  organizations  “have  begun  to 
reveal  many  operational  and  organizational  similarities.”152  This  is  particularly 
concerning  in  the  realm  of  identity  verification  and  management.  Identity  manipulation 
is  vital  to  the  success  of  both  organizations.  “Identity  fraud  is  a  national  and  global  threat 
to  the  security  of  nations  and  their  citizens,  the  economy,  and  global  commerce,  as  it 
facilitates  a  wide  range  of  crimes  and  terrorism.”153 

The  organizational  line  between  crime  and  terror  is  becoming  less  well 
defined.154  A  decline  in  state-sponsorship  of  terror  means  that  terrorists  must  turn 
elsewhere  for  funding. 155  Organized  criminal  activity  offers  a  proven  framework  to  help 
financially  support  terrorist  networks.  The  network  structure  is  ideal  for  smuggling 
operations,  corruption,  and  extortion  schemes  traditionally  seen  within  criminal 
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organizations.156  Document  fraud,  in  particular,  provides  a  source  of  funding  while 
simultaneously  fulfilling  a  vital  logistical  need.157  Figure  2  shows  how  stolen 
information  flows  through  a  criminal  and/or  terrorist  network  to  be  converted  into  capital 
or  used  as  a  logistical  tool  for  operations. 

Interactions  between  crime-terror  nexus  are  evident  but  are  not  always  clear. 158 
Recent  research  on  the  subject  provides  insight  as  to  the  ways  these  two  organizations 
share  strategies.  Established  criminal  organizations  are  primarily  profit  driven  and  are 
unlikely  to  turn  entirely  to  terrorism  since  governments  focus  efforts  against  high  profile, 
violent  groups.159 

Perri  and  Brody  describe  the  crime-terror  nexus  as  a  crosspollination  of  tactics 
between  criminal  and  terrorist  groups  designed  to  forward  each  other’s  respective 
agendas.160  Terrorists  may  use  criminal  resources  or  tactics  to  support  operations  while 
criminals  use  terrorist  methods  to  alter  the  political  landscape.  For  example,  Hassan 
Moussa  Makki  smuggled  cigarettes  from  Indian  reservations  to  buyers  in  Detroit, 
Michigan. 161  He  trafficked  “between  $36,000  and  $72,000  of  contraband  cigarettes  per 
month  between  1997  and  1999... [and]  would  then  remit  the  proceeds  from  these  illegal 
tobacco  sales  to  Hezbollah.”162  Conversely,  drug  cartels  have  used  targeted  violence 
against  Mexican  authorities  to  terrorize  and  force  officials  to  ignore  illicit  activity. 163 
The  sharing  of  tactics  benefits  both  organizations  while  allowing  each  to  focus  on  their 
core  motivations. 
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D. 


CONCLUSION 


Identity  management  is  a  critical  function  of  criminal  and  terrorist  organizations. 
Weak  identity  systems  allow  criminal  organizations  to  build  networks  dedicated  to 
identity  theft  and  fraudulent  document  production.  These  actions  provide  a  steady  source 
of  revenue  and  further  undermine  existing  identity  systems.  Comprehensive  reforms  are 
necessary  to  protect  the  nation  from  the  threat  to  economic  and  homeland  security. 

Critical  infrastructure  network  and  vulnerability  analysis  provides  a  promising 
framework  for  identifying  and  dismantling  criminal  organizations.  This  process  reduces 
“the  cognitive  and  information  overload”164  faced  by  investigators  and  policymakers.  An 
effective  counterstrategy  should  involve  “an  integrated  technological,  organizational,  and 
policy-based  approach.”165  In  any  case,  the  “war  on  terrorism  cannot  be  separated  from 
the  war  against  fraud.”166  Given  the  operational  and  organizational  ties  between  crime 
and  terror,  a  strategy  to  counter  fraud  should  diminish  the  capacity  and  capability  of  both 
to  function  effectively. 
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IV.  COMMON  VULNERABILITIES  OE  IDENTITY  SYSTEMS 


A.  INTRODUCTION 

The  asymmetric  threat  of  terrorism  gave  birth  to  the  fields  of  homeland  security 
and  critical  infrastructure  protection.  Both  are  relevant  studies  that  can  contribute  to  the 
security  of  identity  verification  systems.  While  many  changes  have  been  made  to  secure 
identity  systems,  terrorists  still  have  access  to  quality  identity  infonnation  and 
documents.  Fraudulent  documents  are  still  capable  of  subverting  security  processes. 
Transnational  terrorism  poses  a  real  threat  to  homeland  security,  but  terrorists  constitute  a 
very  small  percentage  of  the  population  that  utilizes  the  international  travel  system. 

Organized  transnational  crime  exploits  gaps  in  law  enforcement  capability  and 
international  cooperation.  Identity  management  is  a  vital  function  of  these  organizations 
and  is  widely  used  to  support  operations  and  generate  funding.  The  total  effect  of  their 
efforts  to  undennine  current  identity  systems  is  widely  unknown  since  no  single  data 
source  reports  on  the  fraudulent  use  of  identity. 167  However,  the  scope  of  system 
fragility  can  be  placed  into  perspective  by  canvassing  other  users  of  fraudulent 
documents. 

In  this  chapter,  common  sources  of  identity  system  fragility  will  be  examined. 
The  widespread  dissemination  and  use  of  fraudulent  identity  documents  exponentially 
complicates  efforts  to  target  terrorists  and  other  persons  who  pose  a  threat  to  homeland 
security.  Underage  drinkers,  illegal  immigrants,  and  other  criminal  actors  are  common 
supporters  and  users  of  the  fraudulent  document  industry.  Strategies  to  counter  terrorist 
travel  and  secure  identity  systems  must  take  these  actors  into  account.  The  cumulative 
impact  of  these  actors  in  not  known. 


l^7  G.  R.  Gordon,  N.  A.  Willox,  D.  J.  Rebovich,  T.  M.  Regan,  and  J.  B.  Gordon,  “Identity  Fraud:  A 
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B. 


COMMON  SOURCES  OF  IDENTITY  FRAGILITY 


1.  Underage  Drinkers 

In  the  first  six  months  of  201 1,  investigators  in  the  Chicago  area  seized  over  1700 
fake  driver’s  licenses  bound  for  teenagers  seeking  access  to  purchase  alcohol.168 
Websites  traced  to  China  took  personal  information  and  payment  online,  and  then 
shipped  fraudulent  driver’s  licenses  that  are  “indistinguishable”  from  their  authentic 
counterparts.169  The  shipments  arrived  hidden  inside  inconspicuous  goods  at  a  cost  of  no 
more  than  $100. 170 

Users  of  the  service  face  criminal  charges  and  potential  identity  theft 
victimization.  The  websites  require  users  to  provide  a  name,  photo  and  signature.171 
Addresses  are  taken  from  real  estate  websites.172  Service  providers  obviously  have  the 
capability  to  create  quality  fraudulent  licenses.  Users  who  submit  their  real  names 
unwittingly  give  the  service  providers  a  valid  identity  that  can  be  sold.  A  consumer 
advocacy  group  warns  that  personal  data  will  often  “end  up  on  a  network  of  illegal 
trading  sites  where  hackers  and  criminals  from  around  the  world  will  openly  buy  and  sell 
large  amounts  of  personal  data  for  profit.”173 

The  United  States  has  no  federal  identification  card  and  “a  driver’s  license  is  used 
as  the  primary  verification  tool  for  establishing  age  and  residency,  and  is  the 


168  Nancy  Harty,  “Fake  IDs  Made  in  China  Seized;  Underage  Kids  Cited,”  CBS  News,  July  22,  2011, 
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quintessential  photo  identification.”174  Fraudulent  driver’s  licenses  identify, 
authenticate,  and  authorize  imposters  to  access  services  they  might  not  otherwise  have. 
Prior  to  9/1 1,  a  U.S.  driver’s  license  was  the  only  required  documentation  needed  to  enter 
or  exit  the  United  States  by  land  into  Mexico  or  Canada.175  Procedures  have  been 
updated  to  require  a  passport,  but  a  fraudulent  driver’s  license  could  be  used  in  a  passport 
application. 

This  online  scheme  offers  a  simple  and  inexpensive  means  to  acquire  a  high- 
quality  breeder  document  without  risking  exposure  at  a  legitimate  license  issuing  office. 
Criminal  and  terrorist  organizations  can  now  outsource  this  skill  rather  than  maintaining 
internal  capability.  The  identity  service  provider  could  be  a  vital  node  within  criminal 
and  terrorist  networks. 

2.  Illegal  Immigration 

As  of  March  2010,  the  estimated  illegal  alien  population  in  the  United  States 
totaled  11.2  million  persons.176  Specific  numbers  are  not  available;  however,  “it  is 
reasonable  to  presume  that  many  of  these  unauthorized  aliens  are  committing  document 
fraud.”177  Employment  opportunity  draws  illegal  immigrants  into  the  United  States  and 
document  fraud  offers  them  the  capability  to  remain  undetected.  Although  federal  law 
prohibits  employers  from  hiring  illegal  aliens,  the  employment  verification  process  is 
fraught  with  document  and  identity  fraud.178  While  the  illegal  immigrant  population  is 
largely  innocuous,  the  industry  they  support  actively  undermines  essential  identity 
verification  systems.  A  recent  example  demonstrates  the  threat. 
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A  44-year-old  Pakistani  immigrant,  Shamsha  Laiwalla,  established  a  California 
business  that  claimed  to  handle  interactions  with  the  Department  of  Motor  Vehicles 
(DMV)  for  paying  customers.  In  addition  to  her  advertized  services,  she  was  able  to 
procure  valid  driver’s  licenses  and  breeder  documents  from  California,  Nevada,  and 
Washington.  An  undercover  detective,  posing  as  an  illegal  alien,  negotiated  with 
Laiwalla  to  receive  a  valid  driver’s  license,  “expertly  forged”  birth  certificate  and  Social 
Security  card  with  a  fraudulent  identity  in  exchange  for  $3,500. 179 

Laiwalla  was  part  of  an  extensive  network,  including  DMV  employees,  which 
could  create  valid  identification  documents  and  manipulate  state  records.  A  joint 
FBI/LAPD  counterterrorism  investigation  resulted  in  charges  against  Laiwalla  and  13 
accomplices. 180 

This  network  successfully  thwarted  ah  identity  issuing  security  measures  by 
corrupting  the  license  issuing  procedure.  Once  a  valid  license  and  breeder  documents  are 
obtained,  the  user  has  unlimited  access  to  the  rights  and  privileges  given  to  U.S.  citizens. 
Genuine  documents  that  are  fraudulently  obtained  are  nearly  impossible  to  trace. 

Visa  overstays  are  a  part  of  the  immigration  process  that  requires  immediate 
reforms.  Immigrants  or  visitors  lawfully  enter  the  United  States  and  then  fail  to  leave 
when  their  visas  expire.  Estimates  place  current  the  number  of  current  visa  overstays  at 
4  million  to  5.5  million  persons.181  U.S. -VISIT  creates  a  biometric  and  biographic 
record  for  visitors  entering  the  United  States,  but  cannot  detect  whether  visitors  leave 
when  expected  because  no  biometric  exit  data  is  collected.182  As  a  result,  entrance  and 
exit  data  cannot  be  compared.  The  9/1  land  Terrorist  Travel  staff  report  identified  visa 
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overstays  as  a  common  terrorist  tactic.183  If  a  terrorist  were  identified  after  entering  into 
the  United  States,  no  mechanism  could  reliably  detennine  if  he  or  she  remained  in  the 
country. 

Immigrants  who  enter  the  United  States  and  overstay  their  visas  must  seek 
employment.  Although  federal  law  prohibits  employers  from  hiring  illegal  aliens,  the 
employment  verification  process  is  fraught  with  document  and  identity  fraud.184  The 
E- Verify  system  offers  employers  an  electronic  alternative  to  paper-based  employment 
verification  systems,  but  a  research  firm  found  in  2009  that  over  50%  of  those  who  were 
ineligible  for  employment  were  found  eligible.185  The  U.S.  government  cannot 
effectively  restrict  illegal  immigrants  from  gaining  employment  because  document  fraud 
has  significantly  undermined  its  authentication  system. 

In  a  2011  Government  Accountability  Office  (GAO)  report,  73%  of  officers 
assigned  to  determine  identity  for  asylum  claims  reported  “it  was  moderately  or  very 
difficult  to  identify  document  fraud.”186  This  is  not  surprising,  given  the  availability  and 
relatively  low  cost  of  quality  identity  documents.  Incomplete  mechanisms  for  immigrant 
processing  and  ineffective  immigration  enforcement  contribute  to  the  undocumented 
immigrant  population.  While  most  are  in  the  United  States  seeking  opportunity,  the  large 
undocumented  population  exponentially  complicates  efforts  to  detect  terrorists  and 
criminals. 


3.  Cybercrime 

The  Internet  offers  an  infrastructure  for  information  sharing  that  is  unparalleled  in 
human  history.  Users  are  partially  protected  by  its  perceived  anonymity  and  large  scale 
use.  However,  resourceful  cybercriminals  have  developed  tools  to  target  user’s  private 
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information.  Nefarious  programs  collectively  known  as  “spyware”  are  capable  of 
covertly  breaching  computer  security  mechanisms,  controlling  system  resources,  and/or 
collecting  and  distributing  personal  information. 187 

Hacking  allows  skilled  persons  to  access  personal  information  from  networked 
systems.  Business  databases  are  particularly  vulnerable  to  hacking.188  In  April  2011, 
77  million  records  for  a  popular  gaming  console’s  were  hacked. 189  The  full  extent  of  the 
hack  could  not  be  determined,  however,  it  was  believed  that  names,  addresses,  birth 
dates,  e-mail  addresses,  logins,  passwords,  and  credit  card  information  was 
compromised. 190  Information  of  this  quality  could  easily  be  marketed  and  sold  online. 
Most  companies  maintain  electronic  records  and  customers  are  likely  to  have  personal 
information  on  file  with  many  different  businesses.  Customers  are  completely  powerless 
to  prevent  this  type  of  theft. 

The  Internet,  in  addition  to  providing  an  endless  source  of  identity  information, 
can  be  used  in  support  of  other  criminal  operations.  Online  credit  card  schemes  offer  a 
source  of  income  and  can  garnish  identity  information.191  Unrestricted  international 
communication  supports  smuggling  operations  and  movements  of  money. 192 
Transnational  terrorists,  in  particular,  have  found  this  capability  useful.  In  2007, 
FBI  Director  Robert  Muller  testified  to  Congress  that  “terrorists  increasingly  use  the 
Internet  to  communicate,  conduct  operational  planning,  proselytize,  recruit,  train  and  to 
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obtain  logistical  and  financial  support.”193  Activist  hackers,  commonly  known  as 
“hacktivists,”  have  reportedly  provided  financial  aid  to  al  Qaeda  with  identity  theft  and 
credit  card  schemes.194 

Internet  fraud  schemes,  identity  theft  from  spyware,  and  hacking  present  uniquely 
challenging  problems  for  U.S.  policymakers.  Congress  has  found  it  difficult  to  clearly 
define  the  differences  between  spyware  and  software  designed  to  enhance  the  user’s 
experience.195  Transnational  borders  complicate  efforts  to  bring  offenders  to  justice. 
Consequently,  Congress  has  been  unable  to  create  meaningful  legislation  to  restrict  the 
use  of  spyware.196  Instead,  most  legislation  has  been  aimed  at  strengthening  infonnation 
systems  and  notifying  victims  after  their  infonnation  has  been  stolen. 197 

The  Internet  is  a  means  of  identity  acquisition,  distribution,  and  fraudulent  use. 
Novices  can  use  it  to  educate  themselves  on  fraudulent  document  production  or  gain 
access  to  websites  that  will  generate  documents  to  order. 198  Criminal  organizations  and 
tenorists  increase  their  network  reach  beyond  international  borders  in  support  of 
organizational  goals.  Users  demand  additional  functionality  which  exposes  them  to  cyber 
attack,  but  governments  can  do  little  to  protect  them. 

4.  Common  and  Organized  Crime 

Common  criminals,  in  addition  to  cybercriminals,  erode  the  foundations  of 
current  identity  management  systems.  They  utilize  stolen  identity  on  a  smaller  scale  than 
organized  crime,  but  for  many  of  the  same  reasons.  For  example,  a  2007  U.S. 
Department  of  Justice  intelligence  bulletin  reported  that  methamphetamine  users  were 
increasingly  using  stolen  personal  checks  to  purchase  items  that  could  be  sold  or  traded 
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for  drugs.199  Stolen  identity  information  was  also  used  to  launder  large  transfers  of 
money  and  to  make  large  purchases  of  cold  medication  used  in  the  drug  manufacturing 
process.200 

Criminal  record  identity  theft  is  an  effective  tactic  used  to  evade  law  enforcement. 
When  arrested  or  cited,  an  imposter  misrepresents  himself  to  law  enforcement  using 
stolen  identity  information.201  The  imposter  is  then  released  without  repercussion.  This 
tactic  also  prevents  law  enforcement  from  determining  if  the  person  they  have  detained 
has  a  prior  record  or  outstanding  warrant.202  Criminal  record  identity  theft  complicates 
law  enforcement  efforts,  allows  criminals  to  walk  free,  and  passes  the  burden  of  clearing 
cases  of  mistaken  identity  to  victims.203 

Organized  crime  takes  advantage  of  networks  to  bring  diverse  resources  together. 
Shamsha  Laiwalla  used  her  access  to  clients  and  connections  with  corrupt  motor  vehicles 
officials  to  fulfill  demand  for  fraudulent  identity  documents.  Had  this  network  been 
strategically  located  across  international  borders,  Laiwalla’s  arrest  would  have  had  a 
minimal  impact.  Other  actors  could  quickly  fill  the  vacuum  left  by  her  arrest. 

Transnational  criminal  organizations  adapt  and  change  dynamically  in  response  to 
environmental  factors.  The  network  structure  they  use  is  a  function  of  their  adaptive 
nature.  Profit  motive  is  their  primary  motivation.  Strengthening  identity  systems  limits 
organizational  ability  to  move  people  and  money. 

5.  Policy  Decisions 

Policy  decisions  can  have  a  profound  effect  on  the  overall  security  of  identity 
management  systems.  Political  motivations,  poor  research  data,  and/or  lobbies  influence 
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policymakers  to  implement  changes  with  consequences  that  are  often  beyond  the 
intended  effect.  For  example,  New  Mexico’s  driver’s  license  law  was  intended  to  create 
an  immigrant-friendly  environment  but  ended  up  seriously  undermining  the  integrity  of 
the  system. 

In  2003,  New  Mexico  changed  state  law  to  allow  immigrants  to  acquire  a  driver’s 
license  that  is  exactly  the  same  as  that  of  a  U.S.  citizen.204  Applicants  are  required  to 
provide  breeder  documents  to  prove  their  identity,  but  cannot  be  asked  about  their 
immigration  status.  An  investigation  conducted  by  the  Associated  Press  discovered 
serious  indications  of  fraud.  Many  of  the  licenses  issued  had  business  or  fictitious 
addresses.  The  investigation  found  170  addresses  that  were  listed  to  10  or  more  persons. 
Some  of  these  could  be  legitimately  explained,  but  most  were  attributed  to  fraud.  New 
Mexico  licensing  authorities  had  no  mechanism  available  to  detect  when  multiple 
licenses  were  being  issued  to  the  same  address. 

New  Mexico’s  governor,  Susana  Martinez,  cited  national  security  concerns  in  her 
attempt  to  change  the  law.  She  surmised  that  the  licenses  could  “be  used  to  board 
airplanes,  conduct  financial  transactions,  or  get  another  license  in  some  other  state.”205 
The  bill  to  rescind  the  law  has  yet  to  pass  the  state  Senate  and  House. 

Federal  authorities  have  sought  to  control  state  procedures  for  issuing  identity 
documents  through  legislation.  The  REAL  ID  Act  of  2005  is  intended  to  increase 
security  standards  and  security  procedures  for  the  issuing  of  state  driver’s  licenses. 
Facilities  must  upgrade  security  infrastructure  by  incorporating  cameras,  alarms, 
electronic  detection  and  limiting  access  to  equipment  and  materials.206  Information 
technologies  must  be  interoperable  from  state-to-state  and  include  software  to  protect 
personal  information  from  hackers.207  Licenses  must  be  tamper-resistant  and  include 
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facial  recognition  capability.208  Business  practices  should  be  changed  have  licenses 
issued  from  a  central  processing  center  to  limit  employees  from  corrupting  the  system.209 
Finally,  all  breeder  documentation  provided  with  an  application  must  be  verified.210 

All  50  states  were  originally  required  to  be  in  compliance  with  the  new  standards 
by  May  11,  2011,  but  setbacks  forced  DFIS  to  push  the  final  compliance  date  back  to 
January  13,  2013. 211  Many  states  delayed  implementation  because  of  pending  legislation, 
the  PASS  ID  Act  of  2009,  which  would  have  made  these  provisions  optional.212  With  the 
final  implementation  of  REAL  ID,  the  United  States  will  have  an  identity  system  that  is 
functionally  equivalent  to  a  national  ID.  These  measures  should  significantly  increase 
the  validity  of  genuine  state-issued  identity  tokens.  However,  the  availability  of  quality 
fraudulent  counterparts  threatens  to  undermine  other  identity  systems. 

C.  CONCLUSION 

The  examples  above  demonstrate  some  of  the  many  ways  that  identity  systems  are 
undermined  resulting  in  decreased  utility.  U.S.  homeland  security  depends  on  systems 
that  can  quickly  and  accurately  verify  identity  persons  at  ports  of  entry  and  deep  inside 
the  nation.  Underage  drinkers,  illegal  aliens,  criminals,  poor  policy  all  contribute  to 
weaknesses  of  the  system.  The  immeasurably  large  number  of  fraudulent  documents 
exponentially  complicates  efforts  to  detect  and  apprehend  terrorists.  Organized  crime 
continues  to  manufacture  documents  to  meet  demand  while  making  a  profit  and  evading 
law  enforcement.  These  gaps  in  identity  systems  have  significant  detrimental  effects  on 
issues  that  are  central  to  U.S.  homeland  security. 
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Current  laws  and  regulations  “tend  to  deal  with  the  problem  in  a  piecemeal 
fashion,  rather  than  attacking  the  big  picture.”213  The  many  complicated  aspects  of 
identity  management  have  made  comprehensive  reform  difficult,  at  best.  Weak  identity 
systems  have  wide  ranging  effects  that  cannot  be  comprehensively  understood  without 
the  analytical  tools  used  in  critical  infrastructure.  Chapter  V  will  present 
recommendations  for  the  way  ahead  using  the  critical  infrastructure  framework. 
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V.  CONCLUSION  AND  RECOMMENDATIONS 


A.  INTRODUCTION 

This  thesis  is  focused  on  providing  a  thorough  understanding  of  the  vulnerabilities 
associated  with  weak  identity  systems  and  analyzing  identity  systems  as  a  critical 
infrastructure.  Terrorist  travel  tactics  were  explained  in  order  to  show  security  gaps  in 
the  international  travel  system.  Organized  crime  was  explored  as  a  potential  source  of 
fraudulent  documents  and  compared  with  terrorism  using  tools  of  network  analysis.  The 
effects  of  underage  drinkers,  illegal  immigration,  policy  decisions,  and  cyber  threats  were 
described  to  illustrate  the  range  of  actors  who  are  actively  undermining  identity  systems. 

No  single  source  can  determine  the  net  effect  that  these  entities  have  in  degrading 
identity  system  utility.  However,  the  critical  infrastructure  analogy  provides  a  framework 
necessary  to  start  identifying  critical  nodes  and  developing  effective  strategies  to  protect 
system  integrity.  The  structure,  function,  and  widespread  use  of  identity  systems 
necessitate  “unprecedented  cooperation  that  is  needed  to  develop,  implement,  and 
maintain  a  coordinated  national  effort  to  bring  together  government  at  all  levels.”214 

This  final  chapter  will  explore  the  framework  of  critical  infrastructure  and  draw 
comparisons  with  identity  systems.  Basic  principles  of  security  will  be  discussed  to 
further  the  analogy  and  outline  recommendations  for  future  policy. 

B.  CRITICAL  INFRASTRUCTURE  FRAMEWORK 

Critical  infrastructure  was  most  recently  defined  in  the  USA  PATRIOT  Act  of 
2001  as: 

Systems  or  assets,  whether  physical  or  virtual,  so  vital  to  the  United  States 

that  the  incapacity  or  destruction  of  such  systems  and  assets  would  have  a 
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debilitating  effect  on  security,  national  economic  security,  national  public 

health  or  safety,  or  any  combination  of  those  matters.215 

The  Department  of  Homeland  Security  currently  recognizes  18  separate  sectors  of 
critical  infrastructure.216  Under  HSPD-7,  the  Secretary  of  DHS  was  directed  to 
coordinate  national  efforts  to  identify,  assess,  and  protect  these  key  assets.  This  task  is 
infinitely  complicated  and  well  beyond  the  scope  of  any  single  bureaucracy.  Ted  G. 
Lewis  described  the  challenges  of  critical  infrastructure  protection  as  a  “set  of  wicked 
problems.”217 

Critical  infrastructure  is  large  in  terms  of  geographic  size  and  quantity.  The 
electrical  grid,  for  example,  contains  an  incomprehensible  number  of  miles  of  power 
lines.  Thousands  of  electric  generating  plants  feed  the  system,  monitor  its  load,  and 
respond  to  electrical  demand.  Neither  the  public  nor  private  sectors  have  direct  control  of 
the  grid,  but  regulatory  agencies  dictate  the  terms  that  allow  the  interconnected  plants  to 
operate  safely.  In  reality,  the  term  “grid”  is  insufficient  to  describe  the  electrical  system. 
Electricity  is  generated  and  distributed  through  a  system  of  systems. 

The  complexity  of  the  electrical  system  and  range  of  owner/operators  makes 
comprehensive  knowledge  of  intricate  nuances  of  the  system  nearly  impossible.218 
Analytical  tools  and  models  are  developed  to  describe  and  predict  system  function.  This 
is  particularly  important  when  defending  system  components  from  attackers  such  as 
terrorists.  If  the  most  vital  components  of  the  system  can  be  identified,  then  assets  can  be 
allocated  to  protect  them. 

Network  analysis  is  an  important  tool  used  to  determine  vulnerability.219  It  is 
used  to  map  and  describe  the  relationship  between  components,  or  nodes  of  a  system.  A 
system  that  can  continue  to  function  when  multiple  critical  nodes  experience  failure  is 
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resilient.220  Conversely,  a  system  that  fails  when  few  components  are  forced  offline  is 
brittle.221  A  cascading  failure  occurs  when  a  small  event  triggers  a  series  of  failures  that 
“propagates  throughout  a  major  portion  of  the  infrastructure,  ending  in  calamity.”222  The 
process  of  model-based  vulnerability  analysis  (MBVA)  allows  the  system  or  selected 
system  components  to  be  tested.223  Once  MBVA  is  conducted,  strategies  and  procedures 
can  be  developed  to  increase  system  resiliency. 

Policymakers  conduct  risk  analysis  using  MBVA.  224  Analyzing  risk  is  a  process 
of  making  decisions  to  allocate  resources  to  protect  critical  nodes  and  maximize  system 
utility.  Budgetary  constraints  limit  the  amount  of  resources  available  to  harden  critical 
nodes.225  System  function,  nature  of  the  threat,  and  intended  result  will  shape  how  these 
resources  are  spent.  Given  that  disruptions  can  be  caused  by  nature  or  man,  responses 
should  be  developed  from  an  “all-hazards”  approach.226  This  approach  mitigates  system 
disruption  by  tailoring  responses  to  meet  the  most-likely  threats.  A  chemical  spill,  for 
example,  could  be  caused  by  an  accidental  train  derailment  or  intentional  terrorist  act. 
Regardless  of  the  cause,  first-responders  must  have  equipment  and  trained  personnel 
available  to  counter  the  threat. 

Ted  G.  Lewis  identified  the  seven  major  challenges  to  infrastructure  protection  as 
vastness,  control,  information  sharing,  interdependencies,  system  knowledge,  inadequate 
analytical  tools,  and  asymmetric  conflict.227  Each  of  these  challenges  translates 
seamlessly  to  identity  systems. 

Identity  management  is  facilitated  by  vast  a  system  of  systems.  Interconnected 
databases,  under  public  and  private  control,  support  a  multitude  of  transactions. 
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Customers  and  service  providers  depend  on  identity  systems  to  return  immediate  and 
accurate  results  when  queried.  Roles,  responsibilities,  and  system  function  are  simplistic 
at  a  large  scale.  However,  complexity  of  the  system  and  of  these  relationships  rises 
exponentially  as  scale  decreases. 

Decreasing  the  scale  of  identity  systems  brings  this  narrative  to  uncharted 
territory.  This  thesis  has  argued  that  identity  is  a  system  and  asset,  physical  and  virtual, 
vital  to  the  United  States  that  would  have  a  debilitating  effect  on  national  and  economic 
security  if  incapacitated.  Acceptance  of  this  description  would  necessitate  observing 
identity  management  systems  as  a  stand-alone  sector  of  critical  infrastructure. 

Current  analytical  tools  of  identity  systems,  as  a  sector,  are  virtually  nonexistent. 
Statistical  data  and  policy  analysis  indicates  significant  system  degradation.  Network 
analysis  is  needed  to  model  major  components  of  the  overall  system  so  that 
vulnerabilities  can  be  clearly  identified  and  resources  effectively  managed.  Formal 
observation  of  this  sector  would  allow  federal  funding  to  be  allocated  and  would  assign 
federal  agencies  to  develop  a  sector-specific  plan. 

U.S.  national  security  depends  on  stronger  identity  systems.  Passports  and 
driver’s  licenses  are  important  token  identifiers  that  have  been  significantly  undermined 
by  theft  and  fraud.  Securing  these  systems  from  terrorists  and  criminal  organizations 
would  constitute  an  all-hazards  approach  to  national  security.  Recommendations  for 
increasing  security  must  take  into  account  the  basic  functions  of  all  identity  systems. 

C.  IDENTIFY,  AUTHENTICATE,  AUTHORIZE228 

Identity  systems,  as  a  meta-sector  or  stand-alone  sector  of  critical  infrastructure, 
are  expected  to  perform  three  basic  functions.  They  should  identify,  authenticate,  and 
authorize.  Figure  4  depicts  the  interaction  of  these  functions. 
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Figure  4.  Identify,  Authenticate,  and  Authorize  Diagram 


The  first  step  in  any  identity  system  is  identification  or  “the  act  [or  process]  of 
recognizing  or  establishing  as  being  a  particular  person.”229  In  small  groups,  individuals 
are  distinguished  visually  or  by  name.230  In  larger  complex  systems,  transactions  must 
take  place  between  persons  who  have  never  met.  A  name  and  account  number,  or  similar 
combination  of  specific  identifiers  helps  prevent  misidentification  between  persons  with 
the  same  name.  Transactions  in  identity  systems  begin  when  a  person  expresses,  “This  is 
who  I  am,  and  this  is  what  I  want.” 

Authentication  is  the  second  process  whereby  identity  is  verified.  This  can  be 
accomplished  by  something  a  person  knows  (knowledge-based),  something  he  has 
(token-based),  or  something  he  is  (biometric).231  Knowledge-based  identifiers  are 
passwords  or  information  that  should  be  unique  to  the  presented  identity.  Pharmacists 
always  ask  for  name  and  birth  date  when  customers  pick  up  prescriptions.  Chances  are 
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good  that  only  one  person  with  that  particular  combination  of  name  and  birth  date  will 
conduct  business  at  that  store.  However,  there  is  always  a  possibility  that  another  person 
could  have  the  same  combination  or  misrepresent  themselves  if  they  know  the 
combination  of  identity  and  knowledge-based  authentication  of  another  person. 

Authentication  is  token-based  when  identity  cards  or  physical  items  that  confirm 
identity  are  used.  Driver’s  licenses  and  passports  are  common  token  identifiers.  They 
contain  information  that  can  be  verified  to  facilitate  a  particular  transaction.  In  order  to 
purchase  alcohol,  a  person  must  be  able  to  prove  he  is  over  the  age  of  21.  A  driver’s 
license  is  commonly  used  for  this  purpose.  Major  portions  of  this  thesis  have  shown  that 
token-based  identifiers  are  susceptible  to  manipulation  or  counterfeiting. 

Modern  technology  has  increased  the  accuracy  and  specificity  of  the 
authentication  process  using  biometrics.  Fingerprints,  iris  scanning,  and  facial 
recognition  software  offer  an  accurate  authentication  rate  well  in  excess  of  90%.  Unique 
physical  identifiers  are  scanned,  stored  in  a  database,  and  then  compared  against 
subsequent  scans.  The  U.S. -VISIT  system  uses  fingerprint  technology  for  this  purpose. 
However,  the  system  can  be  undermined  if  a  person  successfully  misrepresents  his 
identity  to  authorities  and  his  biometric  data  is  associated  with  a  fraudulent  identity. 

The  third  function  of  identity  systems  is  authorization.  After  a  person  has  been 
identified  and  authenticated,  authorization  detennines  the  rights  or  privileges  he  is 
entitled  to.  A  driver’s  license  is  a  token  that  supports  identity  and  authorizes  that  the 
bearer  has  the  privilege  to  drive  a  motor  vehicle.  A  passport  supports  identity  and 
authorizes  the  bearer  to  all  rights  and  privileges  bestowed  to  a  citizen  of  its  issuing 
nation.  Terrorists  steal  passports  in  order  to  create  fraudulent  tokens  that  misrepresent 
their  true  identity  and  grant  authorizations  such  as  access  to  target  countries. 
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Figure  5.  Prototypical  Credit  Card  Transaction 


Figure  5  diagrams  a  prototypical  credit  card  transaction.  The  customer  identifies 
himself  to  a  service  provider  and  presents  a  credit  card  for  payment.  The  service  provider 
authenticates  the  customer’s  identity  by  checking  the  credit  card  against  a  picture  ID. 
Correlation  between  the  imprinted  name  on  the  credit  card  and  photo  ID  is  usually 
sufficient  for  most  transactions.  The  credit  card  company’s  database  is  queried,  funds  are 
authorized,  and  the  purchase  is  complete.  The  customer  is  subsequently  billed  for  all 
purchases  made  throughout  the  month. 

This  description  represents  an  ideal  scenario.  Most  service  providers  choose  to 
bypass  authenticating  credit  cards  against  a  photo  ID  because  this  step  inconveniences  the 
customer.  They  presume  that  the  majority  of  transactions  are  legitimate  and  accept  risk 
by  not  checking  authenticating  all  payments.  Profit  motives  dictate  that  the  speed  of  the 
transaction  is  more  important  than  accuracy.  Losses  are  estimated  and  factored  into 
costs.  Systems  that  do  not  identify,  authenticate,  and  authorize,  are  susceptible  to  fraud. 
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Figure  6.  Identity  Theft  and  Victimization 


Identity  theft  occurs  when  an  imposter  successfully  hacks  one  or  more 
components  of  an  identity  system.  Figure  6  describes  the  fraudulent  acquisition  of  credit 
using  stolen  information.  An  imposter  identifies  himself  as  using  a  victim’s  information. 
Credit  is  issued  in  the  victim’s  name  after  the  lending  company  fails  to  properly 
authenticate  the  imposter  applicant.  Purchases  accumulate  and  the  victim  is  billed.  If  the 
victim’s  address  is  not  used  on  the  credit  application,  the  account  could  be  sent  to 
collections  and  reported  to  the  credit  bureaus  without  the  victim  ever  knowing. 

This  scenario  is  repeated  thousands  of  times  per  year.  Once  a  victim  is  aware  his 
information  is  compromised,  he  is  essentially  powerless  to  prevent  it  from  being  used. 
The  credit  bureaus  offer  a  90  day  credit  alert  that  should  flag  the  account  and  require  a 
lender  to  contact  the  account  holder  before  issuing  credit.  But  this  action  is  voluntary  and 
the  lenders  would  rather  assume  risk  than  inhibit  a  transaction. 

These  scenarios  show  the  importance  of  interlacing  processes  in  identity 
networks.  Authentication  is  time  consuming  and  difficult.  Service  providers  choose  to 
assume  risk  in  order  to  increase  the  volume  of  transactions  and  decrease  customer 


60 


inconvenience.  This  level  of  risk  is  unacceptable  in  the  international  travel  system. 
Homeland  security  enterprises  require  resilient  identity  systems  that  are  effective  and 
efficient. 

Identity  systems  should  be  analyzed  as  a  critical  infrastructure.  The  process  to 
identify,  authenticate,  and  authorize  is  a  sector-specific  framework  that  is  used  to  locate 
faults  and  provide  greater  resolution  of  system  function.  This  framework  enhances 
existing  critical  infrastructure  terminology  and  increases  its  relevance  to  identity  systems. 

D.  RECOMMENDATIONS  FOR  THE  WAY  AHEAD 

Identity  systems  are  hacked  when  persons  misrepresent  themselves  and  receive 
authorizations  that  they  are  not  entitled  to.  All  three  functions  of  identity  systems  must 
work  in  concert  to  protect  the  integrity  of  the  system.  Layering  identity  techniques  and 
systems  decreases  the  chances  for  failure  and  increases  resiliency.  This  thesis 
demonstrates  that  many  identity  systems  do  not  meet  these  criteria. 

Passport  issuance,  for  example,  is  lacking  an  authentication  mechanism.  DoS 
officials  have  accepted  fraudulent  token  identifiers  (i.e.,  birth  certificates,  driver’s 
licenses)  and  issued  passports  because  of  bureaucratic  and  technical  limitations  on 
infonnation  sharing.232  Both  barriers  can  be  theoretically  breached,  but  would  require 
significant  financial  and  political  support.  Fonnalizing  identity  systems  as  a  critical 
infrastructure  sector  is  an  important  step  towards  this  goal.  Standardizing  identity  issuing 
and  verification  procedures  is  needed  to  increase  reliability  of  authentication  tokens. 

The  REAL  ID  act  of  2005  requires  states  to  meet  minimum  standards  for  issuing 
driver’s  licenses  and  ID  cards.  Applicants  must  present  multiple  breeder  documents  that 
must  all  be  verified.  Security  infrastructure  must  be  in  place  to  deter  issuing  authorities 
from  corrupt  behavior.  Databases  must  be  interoperable  from  state-to-state  to  facilitate 
data  verification.  All  infonnation  systems  must  be  protected  with  encryption  software  to 
prevent  hackers  from  gaining  access  to  personal  records.  REAL  ID  standards  should  be 


232  GAO,  “Department  of  State:  Undercover  Tests  Reveal  Significant  Vulnerabilities  in  State’s 
Passport  Issuance  Process,”  GAO-09-447  (Washington,  D.C.,  March  2009):  10. 
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comprehensively  and  universally  implemented.  States  that  refuse  to  comply  or  reallocate 
DHS  funding  should  be  punitively  punished  by  withholding  federal  funds.  Homeland 
security  is  contingent  upon  secure  ID  issuing  procedures. 

Increasing  interoperability  by  connecting  state  infonnation  databases  is  an 
important  component  of  REAL  ID,  but  one  that  creates  a  new  threat.  State  employees 
would  suddenly  have  access  to  significantly  more  infonnation  than  ever  before. 
Increasing  system  utility  also  makes  the  system  a  more  appealing  target  for  thieves. 
Access  to  an  interstate  database  should  be  restricted  to  as  few  persons  as  possible.  These 
trusted  few  should  be  subject  to  an  extensive  background  and  credit  check,  similar  to 
those  seeking  a  security  clearance  in  the  U.S.  military.  Information  compartmentalization 
and  two-person  integrity  are  effective  methods  for  ensuring  database  access  is  not 
misused. 

REAL  ID  standards  significantly  increase  the  reliability  of  genuine  authentication 
tokens.  However,  quality  fraudulent  documents  are  widely  available  from  multiple 
sources.  No  single  authentication  token  should  be  accepted  as  proof  of  identity  for  most 
transactions.  Relying  on  a  single  token  for  authentication  constitutes  a  brittle  system. 
Verification  mechanisms  must  be  built  into  the  system  to  check  identity  tokens  against 
databases.  For  instance,  airport  security  personnel  should  have  the  capability  to  swipe 
any  driver’s  license  and  instantly  have  the  accompanying  state  record  displayed.  This 
type  of  system  dramatically  decreases  the  utility  of  a  fraudulent  ID  token  since  security 
personnel  can  immediately  compare  the  traveler’s  appearance  with  the  token  picture,  and 
picture  on  file.  Restricting  system  access  by  removing  active  search  capability  prevents 
records  from  arbitrary  searches,  preventing  misuse. 

Government-maintained  identity  databases  carry  particular  importance  because  of 
the  authorizations  they  provide,  but  businesses  maintain  the  vast  majority  of  personal 
information.  The  average  consumer  has  no  insight  as  to  the  quality  of  identity  system 
management  with  a  company.  The  Federal  Trade  Commission  should  develop  a 
voluntary  annual  certification  process  for  participating  businesses.  A  scalar  system 
would  give  consumers  ratings  to  compare  before  divulging  personal  infonnation. 

Conversely,  businesses  would  have  incentive  to  acquire  a  certification  and  the  highest 
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possible  rating.  This  system  would  take  advantage  of  market  competition  to  strengthen 
information  systems  and  overall  economic  security. 

E.  CONCLUSION 

Identity  management  systems  meet  the  prima  facie  elements  for  critical 
infrastructure.  Protection  of  these  systems  is  essential  to  homeland  and  economic 
security.  A  layered  approach  to  security  is  essential  to  strengthen  the  functions  of  the 
system.  Policy  options  to  strengthen  systems  need  to  be  effective  and  efficient. 
Analyzing  identity  management  systems  as  a  critical  infrastructure  provides  the 
framework  necessary  to  make  infonned  policy  decisions. 
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